
Windows won't start after adware/malware removal


44 replies to this topic

#1 ivanmlerner


Posted 28 May 2017 - 11:52 PM

Hello,
 
I recently discovered Malwarebytes and got it running on a Windows 10 PC (trial version); it discovered that I had a PUP called OpenCandy and removed it.
Just to be thorough, I also used AdwCleaner, and it found I had PriceSparrow and some AVG thing installed (I run Avast as an antivirus). I uninstalled PriceSparrow and let AdwCleaner do its thing, but when I restarted the computer it started in repair mode, and none of the options managed to get it running (without reinstalling Windows). I was sure I had a recent restore point, since I used one when this problem first appeared, but now it's gone, and the one that exists is from after the problem appeared, so the same thing happens when I recover from it. I tried running a few antivirus programs with Hiren's BootCD, and it did show a few threats, but the problem persists after the scans. I also tried the CD version of Avast, with recent definitions, and it discovered a few threats. I attached Avast's output.

 

As requested in https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help, here is the FRST.txt. I managed to run the program from a USB through the prompt in the advanced options menu in the recovery menu, but it did not have the option of an Addition.txt. Lastly, I forgot to mention that the computer goes into diagnostic, and fails, going to the recovery menu, even when I try to boot in safe mode.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by SISTEMA on MININT-BPOJOB2 (29-05-2017 01:44:13)
Running from h:\
Platform: Windows 10 Pro Version 1703 (X64) Language: Português (Brasil)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => %ProgramFiles%\Windows Defender\MSASCuiL.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-03-22] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [523144 2015-07-30] (Autodesk Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-12-12] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe /RUNONCE
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] explorer.exe
HKLM-x32\...\Winlogon: [Shell] explorer.exe [ ] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2017-03-19] (Banco Itaú Unibanco)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1129864 2015-07-30] (Autodesk Inc.)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2012-10-12] (ASUSTeK Computer Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-10] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2014-12-12] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-03-19] (GAS Tecnologia)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
S2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-03-22] (GAS Tecnologia LTDA)
S3 AJRouter; %SystemRoot%\System32\AJRouter.dll [X]
S3 ALG; %SystemRoot%\System32\alg.exe [X]
S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X]
S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [X]
S3 AppReadiness; %SystemRoot%\system32\AppReadiness.dll [X]
S4 AppVClient; %systemroot%\system32\AppVClient.exe [X]
S3 AppXSvc; %SystemRoot%\system32\appxdeploymentserver.dll [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\AudioEndpointBuilder.dll [X]
S2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]
S3 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X]
S3 BDESVC; %SystemRoot%\System32\bdesvc.dll [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S2 BITS; %SystemRoot%\System32\qmgr.dll [X]
S2 BrokerInfrastructure; %SystemRoot%\System32\bisrv.dll [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 BthHFSrv; %SystemRoot%\System32\BthHFSrv.dll [X]
S3 bthserv; %SystemRoot%\system32\bthserv.dll [X]
S2 CDPSvc; %SystemRoot%\System32\CDPSvc.dll [X]
S2 CDPUserSvc; %SystemRoot%\System32\CDPUserSvc.dll [X]
S2 CDPUserSvc_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]
S3 ClipSVC; %SystemRoot%\System32\ClipSVC.dll [X]
S2 CoreMessagingRegistrar; %SystemRoot%\system32\coremessaging.dll [X]
S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]
S2 CscService; %SystemRoot%\System32\cscsvc.dll [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 defragsvc; %Systemroot%\System32\defragsvc.dll [X]
S2 DeviceAssociationService; %SystemRoot%\system32\das.dll [X]
S3 DeviceInstall; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 DevicesFlowUserSvc; %SystemRoot%\System32\DevicesFlowBroker.dll [X]
S3 DevicesFlowUserSvc_6dfcb; C:\WINDOWS\system32\svchost.exe -k DevicesFlow [X]
S3 DevQueryBroker; %SystemRoot%\system32\DevQueryBroker.dll [X]
S2 Dhcp; %SystemRoot%\system32\dhcpcore.dll [X]
S3 diagnosticshub.standardcollector.service; %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [X]
S2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 DmEnrollmentSvc; %systemroot%\system32\Windows.Internal.Management.dll [X]
S3 dmwappushservice; %SystemRoot%\system32\dmwappushsvc.dll [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S2 DoSvc; %SystemRoot%\system32\dosvc.dll [X]
S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S3 DsmSvc; %SystemRoot%\System32\DeviceSetupManager.dll [X]
S3 DsSvc; %SystemRoot%\System32\DsSvc.dll [X]
S2 DusmSvc; %SystemRoot%\System32\dusmsvc.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S3 EFS; %SystemRoot%\system32\efssvc.dll [X]
S3 embeddedmode; %SystemRoot%\System32\embeddedmodesvc.dll [X]
S3 EntAppSvc; %SystemRoot%\system32\EnterpriseAppMgmtSvc.dll [X]
S2 EventLog; %SystemRoot%\System32\wevtsvc.dll [X]
S2 EventSystem; %systemroot%\system32\es.dll [X]
S3 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]
S3 FDResPub; %SystemRoot%\system32\fdrespub.dll [X]
S3 fhsvc; %SystemRoot%\system32\fhsvc.dll [X]
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [X]
S3 FrameServer; %SystemRoot%\system32\FrameServer.dll [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S3 hidserv; %SystemRoot%\system32\hidserv.dll [X]
S3 HomeGroupListener; %SystemRoot%\system32\ListSvc.dll [X]
S3 HomeGroupProvider; %SystemRoot%\system32\provsvc.dll [X]
S3 HvHost; %SystemRoot%\System32\hvhostsvc.dll [X]
S3 icssvc; %SystemRoot%\System32\tetheringservice.dll [X]
S2 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
S2 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]
S3 IpxlatCfgSvc; %SystemRoot%\System32\IpxlatCfg.dll [X]
S3 irmon; %SystemRoot%\System32\irmon.dll [X]
S3 KeyIso; %SystemRoot%\system32\keyiso.dll [X]
S3 KtmRm; %systemroot%\system32\msdtckrm.dll [X]
S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X]
S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]
S3 lfsvc; %SystemRoot%\System32\lfsvc.dll [X]
S3 LicenseManager; %SystemRoot%\system32\LicenseManagerSvc.dll [X]
S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]
S3 lmhosts; %SystemRoot%\System32\lmhsvc.dll [X]
S2 LSM; %SystemRoot%\System32\lsm.dll [X]
S2 MapsBroker; %SystemRoot%\System32\moshost.dll [X]
S3 MessagingService; %SystemRoot%\System32\MessagingService.dll [X]
S3 MessagingService_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]
S3 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]
S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S3 NaturalAuthentication; %SystemRoot%\System32\NaturalAuth.dll [X]
S3 NcaSvc; %SystemRoot%\System32\ncasvc.dll [X]
S3 NcbService; %SystemRoot%\System32\ncbservice.dll [X]
S3 NcdAutoSetup; %SystemRoot%\System32\NcdAutoSetup.dll [X]
S3 Netlogon; %SystemRoot%\system32\netlogon.dll [X]
S3 Netman; %SystemRoot%\System32\netman.dll [X]
S3 netprofm; %SystemRoot%\System32\netprofmsvc.dll [X]
S3 NetSetupSvc; %SystemRoot%\System32\NetSetupSvc.dll [X]
S4 NetTcpPortSharing; %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 NgcCtnrSvc; %SystemRoot%\System32\NgcCtnrSvc.dll [X]
S3 NgcSvc; %SystemRoot%\system32\ngcsvc.dll [X]
S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]
S2 nsi; %systemroot%\system32\nsisvc.dll [X]
S2 OneSyncSvc; %SystemRoot%\System32\APHostService.dll [X]
S2 OneSyncSvc_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S3 p2pimsvc; %SystemRoot%\system32\pnrpsvc.dll [X]
S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]
S3 PeerDistSvc; %SystemRoot%\system32\peerdistsvc.dll [X]
S3 PerfHost; %SystemRoot%\SysWow64\perfhost.exe [X]
S3 PhoneSvc; %SystemRoot%\System32\PhoneService.dll [X]
S3 PimIndexMaintenanceSvc; %SystemRoot%\System32\PimIndexMaintenance.dll [X]
S3 PimIndexMaintenanceSvc_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S3 pla; %systemroot%\system32\pla.dll [X]
S3 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
S3 PNRPsvc; %SystemRoot%\system32\pnrpsvc.dll [X]
S3 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 Power; %SystemRoot%\system32\umpo.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]
S3 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]
S4 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]
S3 RetailDemo; %SystemRoot%\system32\RDXService.dll [X]
S3 RmSvc; %SystemRoot%\System32\RMapi.dll [X]
S2 RpcEptMapper; %SystemRoot%\System32\RpcEpMap.dll [X]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S2 SamSs; %SystemRoot%\system32\lsass.exe [X]
S4 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]
S3 ScDeviceEnum; %SystemRoot%\System32\ScDeviceEnum.dll [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
S3 seclogon; %windir%\system32\seclogon.dll [X]
S2 SecurityHealthService; %SystemRoot%\system32\SecurityHealthService.exe [X]
S3 SEMgrSvc; %SystemRoot%\system32\SEMgrSvc.dll [X]
S2 SENS; %SystemRoot%\System32\sens.dll [X]
S3 Sense; "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe" [X]
S3 SensorDataService; %SystemRoot%\System32\SensorDataService.exe [X]
S3 SensorService; %SystemRoot%\system32\SensorService.dll [X]
S3 SensrSvc; %SystemRoot%\system32\sensrsvc.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S4 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]
S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]
S4 shpamsvc; %systemroot%\system32\Windows.SharedPC.AccountManager.dll [X]
S3 smphost; %Systemroot%\System32\smphost.dll [X]
S3 SmsRouter; %SystemRoot%\system32\SmsRouterSvc.dll [X]
S3 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [X]
S3 spectrum; %systemroot%\system32\spectrum.exe [X]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S3 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]
S3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]
S3 StateRepository; %SystemRoot%\system32\windows.staterepository.dll [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S3 StorSvc; %SystemRoot%\system32\storsvc.dll [X]
S3 svsvc; %SystemRoot%\system32\svsvc.dll [X]
S3 swprv; %Systemroot%\System32\swprv.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S2 SystemEventsBroker; %SystemRoot%\System32\SystemEventsBrokerServer.dll [X]
S3 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X]
S3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]
S3 TermService; %SystemRoot%\System32\termsrv.dll [X]
S2 Themes; %SystemRoot%\system32\themeservice.dll [X]
S3 TieringEngineService; %SystemRoot%\system32\TieringEngineService.exe [X]
S3 TimeBrokerSvc; %SystemRoot%\System32\TimeBrokerServer.dll [X]
S3 TokenBroker; %SystemRoot%\System32\TokenBroker.dll [X]
S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S4 UevAgentService; %systemroot%\system32\AgentService.exe [X]
S3 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]
S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]
S3 UnistoreSvc; %SystemRoot%\System32\unistore.dll [X]
S3 UnistoreSvc_6dfcb; C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [X]
S3 upnphost; %SystemRoot%\System32\upnphost.dll [X]
S3 UserDataSvc; %SystemRoot%\System32\userdataservice.dll [X]
S3 UserDataSvc_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S2 UserManager; %SystemRoot%\System32\usermgr.dll [X]
S3 UsoSvc; %systemroot%\system32\usocore.dll [X]
S3 VaultSvc; C:\Windows\System32\vaultsvc.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 vmicguestinterface; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicheartbeat; %SystemRoot%\System32\icsvc.dll [X]
S3 vmickvpexchange; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicrdv; %SystemRoot%\System32\icsvcext.dll [X]
S3 vmicshutdown; %SystemRoot%\System32\icsvc.dll [X]
S3 vmictimesync; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicvmsession; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicvss; %SystemRoot%\System32\icsvcext.dll [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S3 W32Time; %systemroot%\system32\w32time.dll [X]
S3 WalletService; %SystemRoot%\system32\WalletService.dll [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 WbioSrvc; %SystemRoot%\System32\wbiosrvc.dll [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]
S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WebClient; %SystemRoot%\System32\webclnt.dll [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]
S3 WEPHOSTSVC; %systemroot%\system32\wephostsvc.dll [X]
S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]
S3 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]
S3 WFDSConMgrSvc; %SystemRoot%\System32\wfdsconmgrsvc.dll [X]
S3 WiaRpc; %SystemRoot%\System32\wiarpc.dll [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S3 WinHttpAutoProxySvc; %SystemRoot%\system32\winhttp.dll [X]
S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S3 wisvc; %systemroot%\system32\flightsettings.dll [X]
S3 WlanSvc; %SystemRoot%\System32\wlansvc.dll [X]
S3 wlidsvc; %SystemRoot%\system32\wlidsvc.dll [X]
S3 wlpasvc; %SystemRoot%\System32\lpasvc.dll [X]
S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 workfolderssvc; %systemroot%\system32\workfolderssvc.dll [X]
S3 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S2 WpnService; %SystemRoot%\system32\WpnService.dll [X]
S2 WpnUserService; %SystemRoot%\System32\WpnUserService.dll [X]
S2 WpnUserService_6dfcb; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup [X]
S2 wscsvc; %SystemRoot%\System32\wscsvc.dll [X]
S3 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S3 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]
S3 WwanSvc; %SystemRoot%\System32\wwansvc.dll [X]
S3 xbgm; %SystemRoot%\System32\xbgmsvc.dll [X]
S3 XblAuthManager; %SystemRoot%\System32\XblAuthManager.dll [X]
S3 XblGameSave; %SystemRoot%\System32\XblGameSave.dll [X]
S3 XboxGipSvc; %SystemRoot%\System32\XboxGipSvc.dll [X]
S3 XboxNetApiSvc; %SystemRoot%\system32\XboxNetApiSvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
S1 Beep; no ImagePath
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-12-12] (BlueStack Systems)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 Eve; C:\Windows\system32\DRIVERS\eve.sys [41304 2014-04-10] ()
S3 exfat; no ImagePath
S3 fastfat; no ImagePath
S0 Fs_Rec; no ImagePath
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-05-27] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2017-03-19] (GAS Tecnologia)
S0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [0 2017-05-27] () <==== ATTENTION (zero byte File/Folder)
S3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2017-03-19] (GAS Tecnologia)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S1 Msfs; no ImagePath
S3 MsRPC; no ImagePath
S2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S1 Npfs; no ImagePath
S3 NTFS; no ImagePath
S1 Null; no ImagePath
S3 ReFS; no ImagePath
S3 ReFSv1; no ImagePath
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2017-03-19] (GAS Tecnologia LTDA)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-05-27] (GAS Tecnologia)
S1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [47176 2017-03-22] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2017-03-22] (GAS Tecnologia)
S3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2017-03-22] (GAS Tecnologia)
S3 1394ohci; \SystemRoot\System32\drivers\1394ohci.sys [X]
S0 3ware; System32\drivers\3ware.sys [X]
S0 ACPI; System32\drivers\ACPI.sys [X]
S3 AcpiDev; \SystemRoot\System32\drivers\AcpiDev.sys [X]
S0 acpiex; System32\Drivers\acpiex.sys [X]
S3 acpipagr; \SystemRoot\System32\drivers\acpipagr.sys [X]
S3 AcpiPmi; \SystemRoot\System32\drivers\acpipmi.sys [X]
S3 acpitime; \SystemRoot\System32\drivers\acpitime.sys [X]
S0 ADP80XX; System32\drivers\ADP80XX.SYS [X]
S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S1 ahcache; system32\DRIVERS\ahcache.sys [X]
S3 AmdK8; \SystemRoot\System32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\System32\drivers\amdppm.sys [X]
S0 amdsata; System32\drivers\amdsata.sys [X]
S0 amdsbs; System32\drivers\amdsbs.sys [X]
S0 amdxata; System32\drivers\amdxata.sys [X]
S3 AppID; system32\drivers\appid.sys [X]
S3 applockerfltr; system32\drivers\applockerfltr.sys [X]
S3 AppvStrm; \SystemRoot\system32\drivers\AppvStrm.sys [X]
S3 AppvVemgr; \SystemRoot\system32\drivers\AppvVemgr.sys [X]
S3 AppvVfs; \SystemRoot\system32\drivers\AppvVfs.sys [X]
S0 arcsas; System32\drivers\arcsas.sys [X]
S3 AsyncMac; \SystemRoot\System32\drivers\asyncmac.sys [X]
S0 atapi; System32\drivers\atapi.sys [X]
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S1 BasicDisplay; \SystemRoot\System32\drivers\BasicDisplay.sys [X]
S1 BasicRender; \SystemRoot\System32\drivers\BasicRender.sys [X]
S3 bcmfn2; \SystemRoot\System32\drivers\bcmfn2.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S3 BthAvrcpTg; \SystemRoot\System32\drivers\BthAvrcpTg.sys [X]
S3 BthHFEnum; \SystemRoot\System32\drivers\bthhfenum.sys [X]
S3 bthhfhid; \SystemRoot\System32\drivers\BthHFHid.sys [X]
S3 BTHMODEM; \SystemRoot\System32\drivers\bthmodem.sys [X]
S3 buttonconverter; \SystemRoot\System32\drivers\buttonconverter.sys [X]
S3 CAD; \SystemRoot\System32\drivers\CAD.sys [X]
S3 CapImg; \SystemRoot\System32\drivers\capimg.sys [X]
S4 cdfs; system32\DRIVERS\cdfs.sys [X]
S1 cdrom; \SystemRoot\System32\drivers\cdrom.sys [X]
S3 cht4iscsi; System32\drivers\cht4sx64.sys [X]
S3 cht4vbd; \SystemRoot\System32\drivers\cht4vx64.sys [X]
S3 circlass; \SystemRoot\System32\drivers\circlass.sys [X]
S2 CldFlt; system32\drivers\cldflt.sys [X]
S0 CLFS; System32\drivers\CLFS.sys [X]
S2 clreg; \SystemRoot\System32\drivers\registry.sys [X]
S3 CmBatt; \SystemRoot\System32\drivers\CmBatt.sys [X]
S0 CNG; System32\Drivers\cng.sys [X]
S4 cnghwassist; System32\DRIVERS\cnghwassist.sys [X]
S3 CompositeBus; \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [X]
S3 condrv; System32\drivers\condrv.sys [X]
S1 CSC; system32\drivers\csc.sys [X]
S1 dam; system32\drivers\dam.sys [X]
S1 Dfsc; System32\Drivers\dfsc.sys [X]
S0 Disk; System32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\System32\drivers\dmvsc.sys [X]
S3 drmkaud; \SystemRoot\system32\DRIVERS\drmkaud.sys [X]
S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S0 ebdrv; System32\drivers\evbda.sys [X]
S0 EhStorClass; System32\drivers\EhStorClass.sys [X]
S0 EhStorTcgDrv; System32\drivers\EhStorTcgDrv.sys [X]
S3 ErrDev; \SystemRoot\System32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\System32\drivers\fdc.sys [X]
S1 FileCrypt; system32\drivers\filecrypt.sys [X]
S0 FileInfo; System32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
S3 flpydisk; \SystemRoot\System32\drivers\flpydisk.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 FsDepends; System32\drivers\FsDepends.sys [X]
S0 fvevol; System32\DRIVERS\fvevol.sys [X]
S3 gencounter; \SystemRoot\System32\drivers\vmgencounter.sys [X]
S3 genericusbfn; \SystemRoot\System32\drivers\genericusbfn.sys [X]
S3 GPIOClx0101; System32\Drivers\msgpioclx.sys [X]
S1 GpuEnergyDrv; System32\drivers\gpuenergydrv.sys [X]
S3 HDAudBus; \SystemRoot\System32\drivers\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\System32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\System32\drivers\hidbth.sys [X]
S3 hidi2c; \SystemRoot\System32\drivers\hidi2c.sys [X]
S3 hidinterrupt; \SystemRoot\System32\drivers\hidinterrupt.sys [X]
S3 HidIr; \SystemRoot\System32\drivers\hidir.sys [X]
S3 HidUsb; \SystemRoot\System32\drivers\hidusb.sys [X]
S0 HpSAMD; System32\drivers\HpSAMD.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S0 hwpolicy; System32\drivers\hwpolicy.sys [X]
S3 hyperkbd; \SystemRoot\System32\drivers\hyperkbd.sys [X]
S3 i8042prt; \SystemRoot\System32\drivers\i8042prt.sys [X]
S3 iagpio; \SystemRoot\System32\drivers\iagpio.sys [X]
S3 iai2c; \SystemRoot\System32\drivers\iai2c.sys [X]
S3 iaLPSS2i_GPIO2; \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys [X]
S3 iaLPSS2i_GPIO2_BXT_P; \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [X]
S3 iaLPSS2i_I2C; \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys [X]
S3 iaLPSS2i_I2C_BXT_P; \SystemRoot\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [X]
S3 iaLPSSi_GPIO; \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys [X]
S3 iaLPSSi_I2C; \SystemRoot\System32\drivers\iaLPSSi_I2C.sys [X]
S0 iaStorAV; System32\drivers\iaStorAV.sys [X]
S0 iaStorV; System32\drivers\iaStorV.sys [X]
S3 ibbus; \SystemRoot\System32\drivers\ibbus.sys [X]
S3 IndirectKmd; \SystemRoot\System32\drivers\IndirectKmd.sys [X]
S0 intelide; System32\drivers\intelide.sys [X]
S0 intelpep; System32\drivers\intelpep.sys [X]
S3 intelppm; \SystemRoot\System32\drivers\intelppm.sys [X]
S0 iorate; system32\drivers\iorate.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IPMIDRV; \SystemRoot\System32\drivers\IPMIDrv.sys [X]
S3 IPNAT; System32\drivers\ipnat.sys [X]
S3 irda; \SystemRoot\system32\drivers\irda.sys [X]
S3 IRENUM; system32\drivers\irenum.sys [X]
S0 isapnp; System32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\System32\drivers\msiscsi.sys [X]
S3 kbdclass; \SystemRoot\System32\drivers\kbdclass.sys [X]
S3 kbdhid; \SystemRoot\System32\drivers\kbdhid.sys [X]
S3 kdnic; \SystemRoot\System32\drivers\kdnic.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S0 KSecPkg; System32\Drivers\ksecpkg.sys [X]
S3 ksthunk; \SystemRoot\system32\drivers\ksthunk.sys [X]
S2 lltdio; system32\drivers\lltdio.sys [X]
S0 LSI_SAS; System32\drivers\lsi_sas.sys [X]
S0 LSI_SAS2i; System32\drivers\lsi_sas2i.sys [X]
S0 LSI_SAS3i; System32\drivers\lsi_sas3i.sys [X]
S0 LSI_SSS; System32\drivers\lsi_sss.sys [X]
S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 mausbhost; \SystemRoot\System32\drivers\mausbhost.sys [X]
S3 mausbip; \SystemRoot\System32\drivers\mausbip.sys [X]
S0 megasas; System32\drivers\megasas.sys [X]
S0 megasas2i; System32\drivers\MegaSas2i.sys [X]
S0 megasr; System32\drivers\megasr.sys [X]
S3 mlx4_bus; \SystemRoot\System32\drivers\mlx4_bus.sys [X]
S2 MMCSS; \SystemRoot\system32\drivers\mmcss.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
S3 monitor; \SystemRoot\System32\drivers\monitor.sys [X]
S3 mouclass; \SystemRoot\System32\drivers\mouclass.sys [X]
S3 mouhid; \SystemRoot\System32\drivers\mouhid.sys [X]
S0 mountmgr; System32\drivers\mountmgr.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
S2 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S3 MsBridge; System32\drivers\bridge.sys [X]
S3 msgpiowin32; \SystemRoot\System32\drivers\msgpiowin32.sys [X]
S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X]
S3 mshidumdf; \SystemRoot\System32\drivers\mshidumdf.sys [X]
S0 msisadrv; System32\drivers\msisadrv.sys [X]
S3 MSKSSRV; \SystemRoot\system32\DRIVERS\MSKSSRV.sys [X]
S2 MsLldp; system32\drivers\mslldp.sys [X]
S3 MSPCLOCK; \SystemRoot\system32\DRIVERS\MSPCLOCK.sys [X]
S3 MSPQM; \SystemRoot\system32\DRIVERS\MSPQM.sys [X]
S3 MsSecFlt; system32\drivers\mssecflt.sys [X]
S1 mssmbios; \SystemRoot\System32\drivers\mssmbios.sys [X]
S3 MSTEE; \SystemRoot\system32\DRIVERS\MSTEE.sys [X]
S3 MTConfig; \SystemRoot\System32\drivers\MTConfig.sys [X]
S0 Mup; System32\Drivers\mup.sys [X]
S0 mvumis; System32\drivers\mvumis.sys [X]
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
S3 ndfltr; \SystemRoot\System32\drivers\ndfltr.sys [X]
S0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisCap; System32\drivers\ndiscap.sys [X]
S3 NdisImPlatform; System32\drivers\NdisImPlatform.sys [X]
S3 NdisTapi; System32\DRIVERS\ndistapi.sys [X]
S3 Ndisuio; system32\drivers\ndisuio.sys [X]
S3 NdisVirtualBus; \SystemRoot\System32\drivers\NdisVirtualBus.sys [X]
S3 NdisWan; \SystemRoot\System32\drivers\ndiswan.sys [X]
S3 ndiswanlegacy; System32\DRIVERS\ndiswan.sys [X]
S3 ndproxy; System32\DRIVERS\NDProxy.sys [X]
S2 Ndu; system32\drivers\Ndu.sys [X]
S3 NetAdapterCx; system32\drivers\NetAdapterCx.sys [X]
S1 NetBIOS; system32\drivers\netbios.sys [X]
S1 NetBT; System32\DRIVERS\netbt.sys [X]
S3 netvsc; \SystemRoot\System32\drivers\netvsc.sys [X]
S1 npsvctrig; \SystemRoot\System32\drivers\npsvctrig.sys [X]
S1 nsiproxy; system32\drivers\nsiproxy.sys [X]
S3 nvdimmn; \SystemRoot\System32\drivers\nvdimmn.sys [X]
S0 nvraid; System32\drivers\nvraid.sys [X]
S0 nvstor; System32\drivers\nvstor.sys [X]
S3 Parport; \SystemRoot\System32\drivers\parport.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S0 pci; System32\drivers\pci.sys [X]
S0 pciide; System32\drivers\pciide.sys [X]
S0 pcmcia; System32\drivers\pcmcia.sys [X]
S0 pcw; System32\drivers\pcw.sys [X]
S0 pdc; system32\drivers\pdc.sys [X]
S2 PEAUTH; system32\drivers\peauth.sys [X]
S0 percsas2i; System32\drivers\percsas2i.sys [X]
S0 percsas3i; System32\drivers\percsas3i.sys [X]
S3 pmem; \SystemRoot\System32\drivers\pmem.sys [X]
S3 PptpMiniport; \SystemRoot\System32\drivers\raspptp.sys [X]
S3 Processor; \SystemRoot\System32\drivers\processr.sys [X]
S1 Psched; System32\drivers\pacer.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S3 RasAcd; System32\DRIVERS\rasacd.sys [X]
S3 RasAgileVpn; \SystemRoot\System32\drivers\AgileVpn.sys [X]
S3 Rasl2tp; \SystemRoot\System32\drivers\rasl2tp.sys [X]
S3 RasPppoe; System32\DRIVERS\raspppoe.sys [X]
S3 RasSstp; \SystemRoot\System32\drivers\rassstp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S3 rdpbus; \SystemRoot\System32\drivers\rdpbus.sys [X]
S3 RDPDR; System32\drivers\rdpdr.sys [X]
S3 RdpVideoMiniport; System32\drivers\rdpvideominiport.sys [X]
S0 rdyboost; System32\drivers\rdyboost.sys [X]
S2 rspndr; system32\drivers\rspndr.sys [X]
S2 RtNdPt630; \SystemRoot\system32\DRIVERS\RtNdPt630.sys [X]
S3 RTTEAMPT; \SystemRoot\system32\DRIVERS\RtTeam620.sys [X]
S3 RTVLANPT; \SystemRoot\system32\DRIVERS\RtVlan620.sys [X]
S3 s3cap; \SystemRoot\System32\drivers\vms3cap.sys [X]
S0 sbp2port; System32\drivers\sbp2port.sys [X]
S3 scfilter; System32\DRIVERS\scfilter.sys [X]
S0 scmbus; System32\drivers\scmbus.sys [X]
S3 sdbus; \SystemRoot\System32\drivers\sdbus.sys [X]
S3 SDFRd; \SystemRoot\System32\drivers\SDFRd.sys [X]
S3 sdstor; \SystemRoot\System32\drivers\sdstor.sys [X]
S3 SerCx; system32\drivers\SerCx.sys [X]
S3 SerCx2; system32\drivers\SerCx2.sys [X]
S3 Serenum; \SystemRoot\System32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\System32\drivers\serial.sys [X]
S3 sermouse; \SystemRoot\System32\drivers\sermouse.sys [X]
S3 sfloppy; \SystemRoot\System32\drivers\sfloppy.sys [X]
S0 SiSRaid2; System32\drivers\SiSRaid2.sys [X]
S0 SiSRaid4; System32\drivers\sisraid4.sys [X]
S0 spaceport; System32\drivers\spaceport.sys [X]
S3 SpatialGraphFilter; System32\drivers\SpatialGraphFilter.sys [X]
S3 SpbCx; system32\drivers\SpbCx.sys [X]
S2 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S0 stexstor; System32\drivers\stexstor.sys [X]
S0 storahci; System32\drivers\storahci.sys [X]
S0 storflt; System32\drivers\vmstorfl.sys [X]
S0 stornvme; System32\drivers\stornvme.sys [X]
S2 storqosflt; system32\drivers\storqosflt.sys [X]
S0 storufs; System32\drivers\storufs.sys [X]
S0 storvsc; System32\drivers\storvsc.sys [X]
S3 swenum; \SystemRoot\System32\drivers\swenum.sys [X]
S3 Synth3dVsc; \SystemRoot\System32\drivers\Synth3dVsc.sys [X]
S0 Tcpip; System32\drivers\tcpip.sys [X]
S3 Tcpip6; System32\drivers\tcpip.sys [X]
S2 tcpipreg; System32\drivers\tcpipreg.sys [X]
S1 tdx; \SystemRoot\system32\DRIVERS\tdx.sys [X]
S3 terminpt; \SystemRoot\System32\drivers\terminpt.sys [X]
S3 TPM; \SystemRoot\System32\drivers\tpm.sys [X]
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [X]
S3 TsUsbGD; \SystemRoot\System32\drivers\TsUsbGD.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 tunnel; \SystemRoot\System32\drivers\tunnel.sys [X]
S3 UASPStor; \SystemRoot\System32\drivers\uaspstor.sys [X]
S3 UcmCx0101; System32\Drivers\UcmCx.sys [X]
S3 UcmTcpciCx0101; System32\Drivers\UcmTcpciCx.sys [X]
S3 UcmUcsi; \SystemRoot\System32\drivers\UcmUcsi.sys [X]
S3 Ucx01000; system32\drivers\ucx01000.sys [X]
S3 UdeCx; system32\drivers\udecx.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 UEFI; \SystemRoot\System32\drivers\UEFI.sys [X]
S4 UevAgentDriver; \SystemRoot\system32\drivers\UevAgentDriver.sys [X]
S3 Ufx01000; system32\drivers\ufx01000.sys [X]
S3 UfxChipidea; \SystemRoot\System32\drivers\UfxChipidea.sys [X]
S3 ufxsynopsys; \SystemRoot\System32\drivers\ufxsynopsys.sys [X]
S3 umbus; \SystemRoot\System32\drivers\umbus.sys [X]
S3 UrsChipidea; \SystemRoot\System32\drivers\urschipidea.sys [X]
S3 UrsCx01000; system32\drivers\urscx01000.sys [X]
S3 UrsSynopsys; \SystemRoot\System32\drivers\urssynopsys.sys [X]
S3 usbccgp; \SystemRoot\System32\drivers\usbccgp.sys [X]
S3 usbcir; \SystemRoot\System32\drivers\usbcir.sys [X]
S3 usbehci; \SystemRoot\System32\drivers\usbehci.sys [X]
S3 usbhub; \SystemRoot\System32\drivers\usbhub.sys [X]
S3 USBHUB3; \SystemRoot\System32\drivers\UsbHub3.sys [X]
S3 usbohci; \SystemRoot\System32\drivers\usbohci.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]
S3 usbser; \SystemRoot\System32\drivers\usbser.sys [X]
S3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\System32\drivers\usbuhci.sys [X]
S3 USBXHCI; \SystemRoot\System32\drivers\USBXHCI.SYS [X]
S0 vdrvroot; System32\drivers\vdrvroot.sys [X]
S3 VerifierExt; system32\drivers\VerifierExt.sys [X]
S3 vhdmp; \SystemRoot\System32\drivers\vhdmp.sys [X]
S3 vhf; \SystemRoot\System32\drivers\vhf.sys [X]
S0 vmbus; System32\drivers\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\System32\drivers\VMBusHID.sys [X]
S3 vmgid; \SystemRoot\System32\drivers\vmgid.sys [X]
S0 volmgr; System32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S0 volsnap; System32\drivers\volsnap.sys [X]
S0 volume; System32\drivers\volume.sys [X]
S3 vpci; \SystemRoot\System32\drivers\vpci.sys [X]
S0 vsmraid; System32\drivers\vsmraid.sys [X]
S0 VSTXRAID; System32\drivers\vstxraid.sys [X]
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
S1 vwififlt; System32\drivers\vwififlt.sys [X]
S3 WacomPen; \SystemRoot\System32\drivers\wacompen.sys [X]
S3 wanarp; System32\DRIVERS\wanarp.sys [X]
S3 wanarpv6; System32\DRIVERS\wanarp.sys [X]
S2 wcifs; \SystemRoot\system32\drivers\wcifs.sys [X]
S3 wcnfs; \SystemRoot\system32\drivers\wcnfs.sys [X]
S3 WdBoot; \SystemRoot\system32\drivers\WdBoot.sys [X]
S0 Wdf01000; system32\drivers\Wdf01000.sys [X]
S3 WdFilter; \SystemRoot\system32\drivers\WdFilter.sys [X]
S3 wdiwifi; system32\DRIVERS\wdiwifi.sys [X]
S3 WdNisDrv; system32\Drivers\WdNisDrv.sys [X]
S0 WFPLWFS; System32\drivers\wfplwfs.sys [X]
S3 WIMMount; system32\drivers\wimmount.sys [X]
S0 WindowsTrustedRT; system32\drivers\WindowsTrustedRT.sys [X]
S0 WindowsTrustedRTProxy; System32\drivers\WindowsTrustedRTProxy.sys [X]
S3 WinMad; \SystemRoot\System32\drivers\winmad.sys [X]
S3 WinNat; system32\drivers\winnat.sys [X]
S3 WINUSB; \SystemRoot\System32\drivers\WinUSB.SYS [X]
S3 WinVerbs; \SystemRoot\System32\drivers\winverbs.sys [X]
S3 WmiAcpi; \SystemRoot\System32\drivers\wmiacpi.sys [X]
S3 WpdUpFltr; System32\drivers\WpdUpFltr.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; \SystemRoot\System32\drivers\WUDFRd.sys [X]
S3 WUDFWpdFs; \SystemRoot\system32\DRIVERS\WUDFRd.sys [X]
S3 xboxgip; \SystemRoot\System32\drivers\xboxgip.sys [X]
S3 xinputhid; \SystemRoot\System32\drivers\xinputhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-28 08:01 - 2017-05-28 09:25 - 00000000 ____D C:\ape27D6.tmp
2017-05-28 07:58 - 2017-05-28 07:59 - 00000000 ____D C:\ape1920.tmp
2017-05-28 00:08 - 2017-05-29 01:28 - 00000000 ____D C:\FRST
2017-05-27 15:37 - 2017-05-27 15:48 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-05-27 15:36 - 2017-05-27 15:38 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2017-05-27 15:35 - 2017-05-27 15:38 - 00000000 ____D C:\users\TEMP
2017-05-27 07:46 - 2017-05-27 07:46 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-05-27 07:46 - 2017-05-27 07:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-27 07:24 - 2017-05-10 20:14 - 00400456 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-05-27 07:17 - 2017-05-27 07:17 - 00004134 _____ C:\Windows\System32\Tasks\EPSON L375 Series Update {A7A274EB-4CA5-4533-B8A1-087C7B262E84}
2017-05-27 07:17 - 2017-05-27 07:17 - 00000941 _____ C:\Windows\Tasks\EPSON L375 Series Update {A7A274EB-4CA5-4533-B8A1-087C7B262E84}.job
2017-05-27 07:15 - 2017-05-27 07:15 - 00000000 _____ C:\Windows\System32\Drivers\gbpddreg64.sys
2017-05-27 05:47 - 2017-05-27 15:01 - 00000000 ____D C:\Users\Todos os Usuários\MCShield
2017-05-27 05:47 - 2017-05-27 15:01 - 00000000 ____D C:\ProgramData\MCShield
2017-05-27 05:47 - 2017-05-27 15:01 - 00000000 ____D C:\Program Files (x86)\MCShield
2017-05-27 05:36 - 2017-05-27 05:36 - 00001500 _____ C:\Users\Sophia\Downloads\malware.txt
2017-05-27 04:18 - 2017-05-27 04:18 - 00010789 _____ C:\Users\Sophia\Downloads\zoek-results-2.txt
2017-05-21 18:24 - 2017-05-21 18:24 - 00000000 ____D C:\Users\Sophia\AppData\Local\DBG
2017-05-21 18:23 - 2017-05-21 18:23 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2017-05-21 18:23 - 2017-05-21 18:23 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-21 18:21 - 2017-05-21 18:21 - 00000020 ___SH C:\Users\Sophia\ntuser.ini
2017-05-21 17:42 - 2017-05-21 17:45 - 00007623 _____ C:\Windows\diagwrn.xml
2017-05-21 17:42 - 2017-05-21 17:45 - 00007623 _____ C:\Windows\diagerr.xml
2017-05-21 17:37 - 2017-05-27 20:17 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-21 17:37 - 2017-05-27 07:26 - 00004018 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1475029988
2017-05-21 17:37 - 2017-05-27 07:25 - 00004174 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{46862C7C-BF2C-4C2E-B6C7-98EF82C8FAB3}
2017-05-21 17:37 - 2017-05-27 07:25 - 00003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-21 17:37 - 2017-05-27 07:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-21 17:37 - 2017-05-21 18:28 - 00003282 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-21 17:37 - 2017-05-21 17:38 - 00003514 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-21 17:37 - 2017-05-21 17:38 - 00002938 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-833356566-2915323984-3704581287-1001
2017-05-21 17:37 - 2017-05-21 17:38 - 00002826 _____ C:\Windows\System32\Tasks\pricesparrowSWU
2017-05-21 17:37 - 2017-05-21 17:38 - 00002764 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sophiaml_2358@hotmail.com
2017-05-21 17:37 - 2017-05-21 17:38 - 00002682 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2017-05-21 17:37 - 2017-05-21 17:38 - 00002332 _____ C:\Windows\System32\Tasks\0615tbUpdateInfo
2017-05-21 17:37 - 2017-05-21 17:37 - 00003488 _____ C:\Windows\System32\Tasks\EPSON L375 Series Update {667E27EE-E986-4DA3-9CE4-4B26CB13B516}
2017-05-21 17:37 - 2017-05-21 17:37 - 00003482 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-21 17:37 - 2017-05-21 17:37 - 00003290 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-21 17:37 - 2017-05-21 17:37 - 00003244 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2017-05-21 17:37 - 2017-05-21 17:37 - 00002452 _____ C:\Windows\System32\Tasks\{27E01802-0453-431F-84FE-DACFD69DC171}
2017-05-21 17:37 - 2017-05-21 17:37 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2017-05-21 17:37 - 2017-05-21 17:37 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-05-21 17:36 - 2017-05-27 07:22 - 01857520 _____ C:\Windows\System32\PerfStringBackup.INI
2017-05-21 17:23 - 2017-05-21 17:23 - 00000000 ____D C:\Users\Todos os Usuários\USOShared
2017-05-21 17:23 - 2017-05-21 17:23 - 00000000 ____D C:\ProgramData\USOShared
2017-05-21 17:18 - 2017-05-21 17:28 - 00000000 ____D C:\Windows\System32\config\bbimigrate
2017-05-21 17:15 - 2017-05-27 20:17 - 00000000 ____D C:\users\Sophia
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Modelos
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Meus Documentos
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Menu Iniciar
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Documents\Minhas Músicas
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Documents\Minhas Imagens
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Documents\Meus Vídeos
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Dados de Aplicativos
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Configurações Locais
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\AppData\Local\Histórico
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\AppData\Local\Dados de Aplicativos
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Ambiente de Rede
2017-05-21 17:15 - 2017-05-21 17:15 - 00000000 _SHDL C:\Users\Sophia\Ambiente de Impressão
2017-05-21 17:15 - 2017-03-18 17:56 - 02233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-05-21 17:14 - 2017-05-21 17:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2017-05-21 17:14 - 2017-05-21 17:14 - 00000000 ____H C:\Users\Todos os Usuários\DP45977C.lfl
2017-05-21 17:14 - 2017-05-21 17:14 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-05-21 17:14 - 2017-05-21 17:14 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-05-21 17:14 - 2017-05-21 17:14 - 00000000 ____D C:\Windows\System32\DAX2
2017-05-21 17:14 - 2017-05-21 17:14 - 00000000 ____D C:\Program Files\Realtek
2017-05-21 17:13 - 2017-05-21 17:19 - 00000000 ____D C:\Program Files\Intel
2017-05-21 17:13 - 2017-05-21 17:13 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-21 17:13 - 2017-05-21 17:13 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-05-21 17:13 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2017-05-21 17:12 - 2017-05-27 18:39 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-05-21 17:12 - 2017-05-27 07:16 - 00481312 _____ C:\Windows\System32\FNTCACHE.DAT
2017-05-21 17:09 - 2017-05-21 17:09 - 00000000 ____D C:\Windows.old
2017-05-21 17:08 - 2017-05-21 17:08 - 00457728 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2017-05-21 17:08 - 2017-05-21 17:08 - 00032004 _____ C:\Windows\System32\edgehtmlpluginpolicy.bin
2017-05-21 17:04 - 2017-05-21 17:12 - 00000000 ____D C:\Windows\ServiceProfiles
2017-05-21 17:04 - 2017-05-21 17:04 - 00008192 _____ C:\Windows\System32\config\userdiff
2017-05-21 17:02 - 2017-05-21 17:02 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-05-21 17:02 - 2017-05-21 17:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-21 17:02 - 2017-05-21 17:02 - 00000000 ____D C:\Program Files\MSBuild
2017-05-21 17:02 - 2017-05-21 17:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-21 17:02 - 2017-05-21 17:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-21 05:45 - 2017-05-21 06:04 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\CodeBlocks
2017-05-21 05:44 - 2017-05-21 05:45 - 00000000 ____D C:\Program Files (x86)\CodeBlocks
2017-05-21 05:44 - 2017-05-21 05:44 - 83783938 _____ (The Code::Blocks Team) C:\Users\Sophia\Downloads\codeblocks-16.01mingw-setup.exe
2017-05-21 05:44 - 2017-05-21 05:44 - 00001160 _____ C:\Users\Sophia\Desktop\CodeBlocks.lnk
2017-05-20 06:30 - 2017-05-20 06:30 - 00000000 ____D C:\Users\Sophia\AppData\Local\AVAST Software
2017-05-18 05:09 - 2017-05-18 05:09 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Google
2017-05-17 17:07 - 2017-05-17 17:07 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-17 17:07 - 2017-05-17 17:07 - 00000000 ____D C:\Program Files\iTunes
2017-05-17 17:07 - 2017-05-17 17:07 - 00000000 ____D C:\Program Files\iPod
2017-05-16 05:52 - 2017-05-21 18:21 - 00000000 ___DC C:\Windows\Panther
2017-05-15 05:15 - 2017-05-15 05:15 - 00000000 ____D C:\Users\Sophia\AppData\Local\UNP
2017-05-15 04:19 - 2017-05-21 17:28 - 00000000 ____D C:\Windows\System32\UNP
2017-05-15 04:19 - 2017-05-15 04:20 - 00000000 ____D C:\Program Files\UNP
2017-05-08 19:51 - 2017-05-08 19:56 - 00000795 _____ C:\Users\Sophia\Downloads\passa baixa - Copia.txt
2017-05-08 19:29 - 2017-05-08 19:29 - 00001007 _____ C:\Users\Sophia\Downloads\passa baixa.txt
2017-05-07 23:13 - 2017-05-27 20:17 - 00000000 ____D C:\Users\Sophia\AppData\Local\HearthSim
2017-05-06 00:20 - 2017-05-06 00:20 - 00000000 ____D C:\Program Files\7-Zip
2017-05-03 20:44 - 2017-05-27 20:17 - 00000000 ____D C:\Users\Sophia\AppData\Local\IgniteGT
2017-04-29 16:33 - 2017-05-18 16:05 - 01975606 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-29 16:25 - 2017-04-29 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\System32\F12
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\System32\dsc
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\System32\DiagSvcs
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___RD C:\Windows\PrintDialog
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ___RD C:\Windows\MiracastView
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\ras
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\es-MX
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\WinMetadata
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\setup
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\ras
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\oobe
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\migwiz
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\MailContactsCalendarSync
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\lv-LV
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\lt-LT
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\icsxml
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\ias
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\et-EE
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\es-MX
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\en-GB
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\Com
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\appraiser
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\ShellExperiences
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\Provisioning
2017-05-28 09:45 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\System32\Sysprep
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\System32\downlevel
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\System32\Dism
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2017-05-28 09:45 - 2017-03-18 08:40 - 00000000 ____D C:\Windows\servicing
2017-05-28 09:44 - 2017-03-20 00:59 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-05-28 09:44 - 2017-03-20 00:59 - 00000000 ____D C:\Windows\HoloShell
2017-05-28 09:44 - 2017-03-20 00:59 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 __RSD C:\Windows\Media
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\L2Schemas
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\Cursors
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-05-28 09:44 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-28 09:44 - 2017-03-18 18:01 - 00000000 ____D C:\Windows\INF
2017-05-27 20:17 - 2017-04-22 18:25 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Simraceway
2017-05-27 20:17 - 2017-04-22 18:24 - 00000000 ____D C:\Program Files (x86)\SimracewayUpdater
2017-05-27 20:17 - 2017-04-22 18:23 - 00000000 ____D C:\Program Files (x86)\Simraceway
2017-05-27 20:17 - 2017-04-21 23:16 - 00000000 ____D C:\Users\Sophia\AppData\Local\Innkeeper
2017-05-27 20:17 - 2017-03-20 02:18 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Battle.net
2017-05-27 20:17 - 2017-03-20 00:59 - 00000000 ___SD C:\Windows\System32\AppV
2017-05-27 20:17 - 2017-03-18 23:51 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Resilio Sync
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\System32\Nui
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\WinBioDatabase
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\Macromed
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\DDFs
2017-05-27 20:17 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\AppReadiness
2017-05-27 20:17 - 2016-08-30 18:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-05-27 20:17 - 2015-06-14 13:31 - 00000000 ____D C:\Users\Todos os Usuários\Avg_Update_0615tb
2017-05-27 20:17 - 2015-06-14 13:31 - 00000000 ____D C:\ProgramData\Avg_Update_0615tb
2017-05-27 20:17 - 2015-02-26 02:57 - 00000000 ____D C:\Users\Todos os Usuários\Avg_Update_0215tb
2017-05-27 20:17 - 2015-02-26 02:57 - 00000000 ____D C:\ProgramData\Avg_Update_0215tb
2017-05-27 20:17 - 2014-10-31 19:01 - 00000000 ____D C:\Users\Sophia\Documents\Ivan
2017-05-27 20:17 - 2014-10-30 22:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-27 20:17 - 2014-10-30 22:06 - 00000000 ___RD C:\Users\Sophia\iCloudDrive
2017-05-27 20:17 - 2014-10-30 19:30 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2017-05-27 20:17 - 2014-10-30 19:30 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Autodesk
2017-05-27 20:17 - 2014-10-30 19:30 - 00000000 ____D C:\ProgramData\Autodesk
2017-05-27 20:17 - 2014-10-30 19:29 - 00000000 ____D C:\Users\Sophia\AppData\Local\Akamai
2017-05-27 20:17 - 2014-10-28 03:12 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\OpenCandy
2017-05-27 20:17 - 2014-10-28 02:00 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\Macromedia
2017-05-27 20:16 - 2014-12-23 11:10 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-27 20:16 - 2014-11-26 20:39 - 00000000 ____D C:\Program Files (x86)\PriceSparrow
2017-05-27 20:14 - 2017-03-18 18:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-27 20:11 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\registration
2017-05-27 20:07 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\appcompat
2017-05-27 20:03 - 2017-03-20 05:18 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-05-27 20:03 - 2014-10-28 04:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-27 19:43 - 2014-11-02 19:43 - 00000000 ____D C:\Users\Sophia\AppData\Local\A88A5376-41E5-427D-AEB9-B4C1B20D53E3.aplzod
2017-05-27 18:35 - 2014-12-19 16:48 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-27 18:35 - 2014-12-19 16:48 - 00000000 ____D C:\ProgramData\GbPlugin
2017-05-27 15:45 - 2014-10-30 20:41 - 00000000 ____D C:\Windows\System32\MRT
2017-05-27 15:42 - 2017-03-18 17:51 - 00000000 ____D C:\Windows\CbsTemp
2017-05-27 15:39 - 2014-10-28 02:21 - 00000000 __SHD C:\Users\Sophia\IntelGraphicsProfiles
2017-05-27 15:00 - 2013-08-22 12:36 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-05-27 07:28 - 2014-10-28 02:45 - 00000000 ____D C:\Users\Sophia\AppData\Local\Adobe
2017-05-27 07:22 - 2017-03-20 00:57 - 00797690 _____ C:\Windows\System32\prfh0416.dat
2017-05-27 07:22 - 2017-03-20 00:57 - 00160548 _____ C:\Windows\System32\prfc0416.dat
2017-05-27 07:20 - 2017-03-18 08:40 - 00032768 _____ C:\Windows\System32\config\ELAM
2017-05-27 07:16 - 2016-05-23 14:39 - 00028376 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\wsddfac.sys
2017-05-27 07:15 - 2017-04-02 04:01 - 00028888 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\gbpddfac64.sys
2017-05-27 07:15 - 2014-12-19 16:48 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-27 04:38 - 2017-03-20 02:19 - 00000000 ____D C:\Users\Sophia\AppData\Local\Battle.net
2017-05-25 17:03 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-05-25 17:03 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-25 00:52 - 2017-04-02 01:38 - 00000000 ____D C:\Users\Sophia\AppData\Local\SquirrelTemp
2017-05-21 18:38 - 2014-10-28 01:11 - 00000000 ____D C:\Users\Sophia\AppData\Local\Packages
2017-05-21 18:28 - 2014-10-30 22:49 - 00000000 ___RD C:\Users\Sophia\OneDrive
2017-05-21 18:26 - 2017-03-20 02:18 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-21 18:21 - 2016-09-22 00:37 - 00000000 ____D C:\Users\Sophia\AppData\Local\ConnectedDevicesPlatform
2017-05-21 18:21 - 2014-10-28 02:21 - 00000451 _____ C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-05-21 17:46 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-21 17:44 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\rescache
2017-05-21 17:42 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\System32\Tasks_Migrated
2017-05-21 17:38 - 2015-09-08 02:11 - 00023056 _____ C:\Windows\System32\emptyregdb.dat
2017-05-21 17:36 - 2017-03-18 18:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-21 17:28 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-21 17:28 - 2017-03-18 08:40 - 00524288 _____ C:\Windows\System32\config\BBI
2017-05-21 17:28 - 2014-10-31 13:27 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2017-05-21 17:28 - 2014-10-31 13:27 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-05-21 17:23 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\USOPrivate
2017-05-21 17:23 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-21 17:20 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\spool
2017-05-21 17:20 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\NDF
2017-05-21 17:20 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\InputMethod
2017-05-21 17:20 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\System32\WindowsInternal.Inbox.Shared
2017-05-21 17:20 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\System32\WindowsInternal.Inbox.Media.Shared
2017-05-21 17:19 - 2017-03-20 00:58 - 00000000 ____D C:\Windows\OCR
2017-05-21 17:19 - 2017-03-18 18:03 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-05-21 17:19 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\InputMethod
2017-05-21 17:19 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-21 17:19 - 2014-10-28 02:49 - 00000000 ____D C:\Windows\System32\appmgmt
2017-05-21 17:11 - 2017-03-18 18:03 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2017-05-21 17:09 - 2017-03-18 18:06 - 00000000 ____D C:\Windows\Setup
2017-05-21 17:02 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-05-21 17:02 - 2017-03-18 18:03 - 00000000 ____D C:\Windows\System32\MUI
2017-05-21 07:00 - 2017-03-20 01:28 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-18 13:13 - 2017-04-02 01:13 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-16 13:58 - 2017-03-20 02:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-05-12 20:15 - 2015-06-14 16:16 - 00158880 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2017-05-12 20:15 - 2015-06-14 16:16 - 00158880 _____ (AVAST Software) C:\Windows\System32\Drivers\asw417B.tmp
2017-05-12 18:47 - 2017-04-02 01:12 - 00000000 ____D C:\Users\Sophia\AppData\Local\Overwolf
2017-05-10 20:14 - 2017-03-18 23:50 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-05-10 20:14 - 2017-03-18 23:50 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\asw3F3F.tmp
2017-05-10 20:14 - 2017-03-18 23:50 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-05-10 20:14 - 2017-03-18 23:50 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\asw3F3D.tmp
2017-05-10 20:14 - 2017-03-18 23:50 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-05-10 20:14 - 2017-03-18 23:50 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\asw3F3E.tmp
2017-05-10 20:14 - 2017-03-18 23:50 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-05-10 20:14 - 2017-03-18 23:50 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\asw3F4F.tmp
2017-05-10 20:14 - 2016-09-26 17:22 - 00507928 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNetSec.sys
2017-05-10 20:14 - 2016-09-26 17:22 - 00507928 _____ (AVAST Software) C:\Windows\System32\Drivers\asw3F2C.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 01007160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 01007160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4145.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00569192 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00569192 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4179.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00339696 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00339696 _____ (AVAST Software) C:\Windows\System32\Drivers\asw417A.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00128648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00128648 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4168.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00101152 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00101152 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4146.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00075704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00075704 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4169.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00038296 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00038296 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4167.tmp
2017-05-10 20:14 - 2015-06-14 16:16 - 00032600 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2017-05-10 20:14 - 2015-06-14 16:16 - 00032600 _____ (AVAST Software) C:\Windows\System32\Drivers\asw3F50.tmp
2017-05-10 01:50 - 2014-10-30 20:41 - 156335152 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-05-03 02:36 - 2017-04-02 01:38 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\HearthstoneDeckTracker
2017-05-03 02:34 - 2017-04-02 02:16 - 00000000 ____D C:\Users\Sophia\AppData\Local\HearthstoneDeckTracker
2017-04-29 16:44 - 2014-10-28 03:10 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION
C:\Windows\System32\combase.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\combase.dll IS MISSING <==== ATTENTION
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\coml2.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\coml2.dll IS MISSING <==== ATTENTION
C:\Windows\System32\difxapi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\difxapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\gdiplus.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdiplus.dll IS MISSING <==== ATTENTION
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION
C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION
C:\Windows\System32\NORMALIZ.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION
C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\PSAPI.DLL IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\PSAPI.DLL IS MISSING <==== ATTENTION
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION
C:\Windows\System32\sechost.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHCORE.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHCORE.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Wow64.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Wow64cpu.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Wow64win.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2017-05-28 09:47
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16262.35 MB
Available physical RAM: 15223.39 MB
Total Virtual: 16262.35 MB
Available Virtual: 15268.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.73 GB) (Free:674.4 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
Drive h: (FreeAgent Drive) (Fixed) (Total:698.64 GB) (Free:268.28 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
Drive y: (Reservado pelo Sistema) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7D91B55)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 2 (Size: 698.6 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-05-21 17:11
 
==================== End of FRST.txt ============================



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 AM

Posted 02 June 2017 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/647958 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ivanmlerner


Posted 03 June 2017 - 01:47 AM

Hello, here is the information asked for:

I do have the Windows CD, but I think it's from Windows 7, but I have another Windows 10 computer that I can make a recovery CD from.

Getting this FRST.log was the last thing I did on the computer before posting here, and it has been turned off ever since, so this FRST.log is up to date.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:33 PM

Posted 04 June 2017 - 07:55 AM

Greetings ivanmlerner and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure we will be able to recover from your current state but let's try a few things.

Please run this program for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe /RUNONCE
HKLM-x32\...\Winlogon: [Shell] explorer.exe [ ] ()
GroupPolicyScripts: Restriction <======= ATTENTION
S0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys
C:\Windows\System32\drivers\gbpddreg64.sys
2017-05-28 08:01 - 2017-05-28 09:25 - 00000000 ____D C:\ape27D6.tmp
2017-05-28 07:58 - 2017-05-28 07:59 - 00000000 ____D C:\ape1920.tmp
C:\Windows\System32\Tasks\pricesparrowSWU
2017-05-27 20:17 - 2014-10-28 03:12 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\OpenCandy
2017-05-27 20:16 - 2014-11-26 20:39 - 00000000 ____D C:\Program Files (x86)\PriceSparrow

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Does your computer boot properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ivanmlerner


Posted 04 June 2017 - 07:19 PM

Hello Gary, thank you for your time and help. Please feel free to call me Ivan.

 
First of all, sorry for the log in Portuguese, I forgot to change FRST.exe to EnglishFRST.exe.
Most of the words I see are very similar to the English ones, but if you'd like me to translate them for you I'd gladly do it. (It looks like all fixes were successfully applied though)

The computer still does not turn on as expected. It turns on in auto repair and fails just like before, entering the recovery menu.
Entering the advanced options, and then initialization configuration, where it tells me to restart the computer to be able to boot to safe mode doesn't work either, bringing me back to the recovery menu.
My computer is in Portuguese, so these menus might be named slightly differently from what I posted here.
 
 
FIXLOG
 
 
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 02-06-2017
Executado por SISTEMA (04-06-2017 14:40:43) Run:1
Executando a partir de h:\
Modo da Inicialização: Recovery
==============================================
 
fixlist Conteúdo:
*****************
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe /RUNONCE
HKLM-x32\...\Winlogon: [Shell] explorer.exe [ ] ()
GroupPolicyScripts: Restriction <======= ATTENTION
S0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys
C:\Windows\System32\drivers\gbpddreg64.sys
2017-05-28 08:01 - 2017-05-28 09:25 - 00000000 ____D C:\ape27D6.tmp
2017-05-28 07:58 - 2017-05-28 07:59 - 00000000 ____D C:\ape1920.tmp
C:\Windows\System32\Tasks\pricesparrowSWU
2017-05-27 20:17 - 2014-10-28 03:12 - 00000000 ____D C:\Users\Sophia\AppData\Roaming\OpenCandy
2017-05-27 20:16 - 2014-11-26 20:39 - 00000000 ____D C:\Program Files (x86)\PriceSparrow
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => valor restaurado com sucesso
C:\Windows\System32\GroupPolicy\Machine => movido com sucesso
HKLM\System\ControlSet001\Services\gbpddreg => chave removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
C:\Windows\System32\drivers\gbpddreg64.sys => movido com sucesso
C:\ape27D6.tmp => movido com sucesso
C:\ape1920.tmp => movido com sucesso
C:\Windows\System32\Tasks\pricesparrowSWU => movido com sucesso
C:\Users\Sophia\AppData\Roaming\OpenCandy => movido com sucesso
C:\Program Files (x86)\PriceSparrow => movido com sucesso
 
==== Fim de Fixlog 14:40:44 ====

 



#6 Oh My!


Posted 04 June 2017 - 11:02 PM

Thank you Ivan. I am travelling today so this will most likely be my last post until tomorrow. I apologize for that.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

LastRegBack: 2017-05-21 17:11
SaveMbr: drive=0

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time, place a check mark in List BCD and press the Fix
  • The tool will create a log on the flashdrive Fixlog.txt. Copy and paste that information in your reply.
  • A mbrdump.txt will be placed on the flash drive. Please attach it to your reply. If you open the file you will not be able to read it.
  • Type user32.dll in the Search box and click Search Files
  • A Search.txt file will be created on your flash drive. Copy and paste that information in your reply
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached mbrdump.txt file
  • Search.txt
  • Does your computer boot properly?

Gary
 

#7 ivanmlerner


Posted 07 June 2017 - 04:17 AM

Hello Gary, sorry for taking so long to reply, here is the information asked for.

The computer boots with the same behavior as before, and I still can't boot in safe mode, since Windows enters repair mode before I have a chance to choose an initialization option.

 

 

FIXLOG

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by SISTEMA (05-06-2017 15:44:23) Run:2
Running from h:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
LastRegBack: 2017-05-21 17:11
SaveMbr: drive=0
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
MBRDUMP.txt is made successfully.
 

 

==== End of Fixlog 15:44:27 ====
 
 
 
SEARCH
 
Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by SISTEMA (05-06-2017 15:45:38)
Running from h:\
Boot Mode: Recovery
 
================== Search Files: "user32.dll" =============
 
C:\Windows.old\WINDOWS\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_10.0.14393.0_none_0501820eb86fe594\user32.dll
[2016-07-16 08:42][2017-04-04 12:16] 0029582 _____ () 13D6E985D707841BEBC08EB17087E0C1
 
C:\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.14393.0_none_faacd7bc840f2399\user32.dll
[2016-07-16 08:42][2017-04-04 11:56] 0020417 _____ () D89E8D6801A5B151B0316614A15C34F8
 
X:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.15063.0_none_de4c457aa62b389a\user32.dll
[2017-03-18 18:38][2017-03-18 18:38] 1345088 _____ (Microsoft Corporation) 9F67071B597A3CCC8C11CE761CE88B04
 
X:\Windows\System32\user32.dll
[2017-03-18 18:38][2017-03-18 18:38] 1345088 _____ (Microsoft Corporation) 9F67071B597A3CCC8C11CE761CE88B04
 
====== End of Search ======

Attached Files
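Added example (not part of the original thread and not FRST's own code): a Python cross-check of the logs posted above. It takes the user32.dll "IS MISSING" lines from the FRST.txt in post #1 and the Search.txt from post #7 and reports whether the search found the file at the flagged path or only elsewhere; the function and field names are this example's own, and it assumes the search term is a plain file name.

```python
import re
from collections import Counter
from ntpath import basename, normcase, splitdrive

# Copied from the FRST.txt in post #1 (user32.dll entries only).
FRST_EXCERPT = r"""
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
"""

# Copied from the Search.txt in post #7.
SEARCH_EXCERPT = r"""
================== Search Files: "user32.dll" =============

C:\Windows.old\WINDOWS\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_10.0.14393.0_none_0501820eb86fe594\user32.dll
[2016-07-16 08:42][2017-04-04 12:16] 0029582 _____ () 13D6E985D707841BEBC08EB17087E0C1

C:\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.14393.0_none_faacd7bc840f2399\user32.dll
[2016-07-16 08:42][2017-04-04 11:56] 0020417 _____ () D89E8D6801A5B151B0316614A15C34F8

X:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.15063.0_none_de4c457aa62b389a\user32.dll
[2017-03-18 18:38][2017-03-18 18:38] 1345088 _____ (Microsoft Corporation) 9F67071B597A3CCC8C11CE761CE88B04

X:\Windows\System32\user32.dll
[2017-03-18 18:38][2017-03-18 18:38] 1345088 _____ (Microsoft Corporation) 9F67071B597A3CCC8C11CE761CE88B04

====== End of Search ======
"""

MISSING_RE = re.compile(r"^([A-Za-z]:\\.+?) IS MISSING\b", re.M)
TERM_RE = re.compile(r'Search Files: "([^"]+)"')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created][modified] size attributes (company) MD5
META_RE = re.compile(
    r"^\[([\d\- :]{16})\]\[([\d\- :]{16})\] (\d+) (\S+) \((.*?)\) ([0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per hit: a path line followed by its metadata line."""
    hits, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            path = line
            continue
        meta = META_RE.match(line)
        if path and meta:
            created, modified, size, _attrs, company, md5 = meta.groups()
            hits.append({"path": path, "created": created, "modified": modified,
                         "size": int(size), "company": company, "md5": md5.upper()})
            path = None
    return hits


def volume_of(path):
    """Drive letter with colon, upper-cased, e.g. 'C:'."""
    return splitdrive(path)[0].upper()


def cross_check(frst_text, search_text):
    """Map each flagged path to what the file search says about it."""
    searched = {normcase(term) for term in TERM_RE.findall(search_text)}
    hits = parse_search(search_text)
    report = {}
    for flagged in MISSING_RE.findall(frst_text):
        name = normcase(basename(flagged))
        same_name = [h for h in hits if normcase(basename(h["path"])) == name]
        report[flagged] = {
            # False means the search says nothing about this file at all.
            "searched": name in searched,
            "found_at_flagged_path": any(
                normcase(h["path"]) == normcase(flagged) for h in same_name),
            "copies_by_volume": dict(Counter(volume_of(h["path"]) for h in same_name)),
            # Hits on the flagged volume show the search could read that
            # volume under the same drive letter the scan used.
            "same_volume_copies": [h["path"] for h in same_name
                                   if volume_of(h["path"]) == volume_of(flagged)],
        }
    return report


if __name__ == "__main__":
    for path, info in cross_check(FRST_EXCERPT, SEARCH_EXCERPT).items():
        print(path, "found:", info["found_at_flagged_path"], info["copies_by_volume"])
        for copy in info["same_volume_copies"]:
            print("   same volume:", copy)
```

On the thread's data, neither flagged path appears among the search hits; the only copies listed on C: sit under C:\Windows.old, and the rest are on X:.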



#8 Oh My!


Posted 07 June 2017 - 02:12 PM

Thanks for the information. This is not looking good but let's do this.

===================================================

Running sfc /scannow in Recovery Environment

-----------------
  • Boot into the System Recovery Options Command Prompt as you did previously
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error when trying to run it stop and let me know)

SFC /SCANNOW /OFFBOOTDIR=Y:\ /OFFWINDIR=C:\WINDOWS

  • Attempt to boot your computer into Normal Mode, or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#9 ivanmlerner


Posted 08 June 2017 - 05:09 AM

Hi again, I tried to run the command and received an error that said the Windows resource protection couldn't start the repair service. I attached a screen photo so you can check the command if you need to.

#10 ivanmlerner


Posted 08 June 2017 - 05:16 AM

Also, I just noticed I don't have a partition named Y; could that be the issue?
I have attached a screen shot with the names of the partitions. E is the recovery partition from what I can see by its contents and D is what usually is called C in Windows.

#11 ivanmlerner


Posted 08 June 2017 - 05:33 AM

Ok, the screenshots didn't upload correctly on the phone, just posting them again.

Attached Files



#12 Oh My!


Posted 08 June 2017 - 12:59 PM

Thanks,

Your FRST report was indicating a Y drive but that isn't always accurate when the information is created while in the Recovery Environment. Try these combinations to see if you can run sfc.

SFC /SCANNOW /OFFBOOTDIR=E:\ /OFFWINDIR=C:\WINDOWS
SFC /SCANNOW /OFFBOOTDIR=E:\ /OFFWINDIR=D:\WINDOWS


Gary
 

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 11 June 2017 - 11:48 AM

Hello, do you still need help? If you do not reply to this topic within 48 hours, it will be locked.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 ivanmlerner


Posted 12 June 2017 - 07:00 PM

Hi, sorry for taking so much time, the suggested commands returned the same error message as before.

#15 Elise


Posted 13 June 2017 - 06:22 AM

Since you set up a trial, is there any particular reason why you want to repair this installation instead of reinstalling?

 

Also, have you tried booting in safe mode?


regards, Elise






