
Cannot boot windows 7 0x7B BSOD


  • This topic is locked
46 replies to this topic

#1 gercio


Posted 03 August 2017 - 12:48 PM

Hello,

 

I have seen your forum being successful in recovering Windows.

Problem:

When Windows 7 is booting - a few seconds into the booting I get a BSOD:

0x0000007b 0x80786A58 0xc0000034 0x0 0x0

(no additional information)

 

What I tried so far:

1. Safe Mode - same thing happens after the initial driver loading phase - cannot login

2. Startup Repair from the hard drive

RETURNS error: StartupRepairOffline, ManualRepair, BadDriver

In a different window the log shows also error 0x490: a recent driver installation or upgrade may be preventing the system from starting

3. Startup Repair from the Windows Installation Disk

4. full chkdsk

5. sfc /scannow (with offline options)

6. Rebuilding BCD stores

7. Changing active partition and rebuilding it there (previously running from EFI partition)

8. Switching back and forth between IDE and AHCI in BIOS

9. Disabling everything possible in BIOS (Network Controller, USB Controller, Serial ports etc)

10. Some tools for automated recovery

11. Antivirus Scanning

12. Putting the disk to a completely different rig with older hardware

13. Cloning the disk to a new hard drive (in case it is a hard disk malfunction, but SMART says it's OK)

14. Windows does NOT write the ntbtlog.txt (!) - seems like it cannot access the disk after the initial boot load

15. Copy registry from regback

 

A fresh install is not an option here - I already bought Windows 10 and run it on an SSD - it is all the software and settings I would not like to get rid of.

Below is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2017
Ran by SYSTEM on MININT-EUDQ2BF (03-08-2017 19:46:26)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X86) Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-03-10] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1683360 2010-05-24] (VIA)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-09-04] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-09-04] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [586240 2013-05-11] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [4566824 2011-07-29] ()
S2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-03-10] ()
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [X]
S2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DualCoreCenter; C:\Program Files\MSI\OverclockingCenter\NTGLM7X.sys [36152 2010-04-12] (MICRO-STAR INT'L CO., LTD.)
S3 FLASHSYS; C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [9216 2007-12-14] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 93B49FA857F7036A4EFF32371F6E7391
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys FE4F2ADE5DBB3B888E9EB0A1FBA1F152
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 780FFC005741C9316576086155E55F56
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Program Files\MSI\OverclockingCenter\NTGLM7X.sys D5CD741F793C389CD28E79DA55FB510D
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys D3D9311624EDD435F42CDA7EAA0A6AED
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\FsUsbExDisk.SYS DDEE99DC54EFA20BD5A442CD733C4462
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys A061E519ACDE34843DFA3F1C7358DAA2
C:\Windows\System32\Drivers\ksecpkg.sys 523091605C05F5DE880426A2FBA0F87C
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys BAD9C0366134BA181514E9263C8CE606
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252
C:\Windows\System32\DRIVERS\mrxsmb.sys C7492026F6691A92C4508DDDB041CE4E
C:\Windows\System32\DRIVERS\mrxsmb10.sys 34779EBCFEAB87A236B33C365A637144
C:\Windows\System32\DRIVERS\mrxsmb20.sys C34DE43FDAD9C32383BB4A5EE60126D4
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 9804FB2E46077F2977552347DFCA7E05
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys B41483A0DD9ACB7316C5A215D42BADA2
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys BB8817D0508DD5EA69C770C8DEF5AB67
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS 144DA53294922A84FFAA3D90B1453745
C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\System32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-03 18:10 - 2014-06-28 01:21 - 00391640 __RSH C:\bootmgr
2017-08-02 08:24 - 2017-08-02 08:24 - 126840239 _____ C:\Windows\System32\config.zip
2017-07-27 23:48 - 2017-07-27 23:48 - 05354144 __RSH C:\$UGM
2017-07-27 23:48 - 2017-07-27 23:48 - 00000073 _____ C:\Windows\{1aab8212-055c-4d8a-a88d-537556ba26fd}
2017-07-27 22:31 - 2017-07-27 22:32 - 125241876 _____ C:\Windows\System32\config_170727.zip
2017-07-27 22:30 - 2017-07-27 22:30 - 20011994 _____ C:\Windows\System32\config\RegBack.zip
2017-07-27 22:26 - 2017-07-27 22:27 - 08858854 _____ C:\pack.zip
2017-07-27 22:26 - 2017-07-27 22:26 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-27 20:48 - 2017-07-27 20:48 - 00012112 ____N C:\bootsqm.dat
2017-07-26 04:40 - 2017-07-26 04:40 - 57933824 _____ C:\Windows\System32\config\SOFTWARE.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 38273024 _____ C:\Windows\System32\config\SYSTEM.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2017-07-26 02:55 - 2017-07-26 02:55 - 00000000 ____D C:\$Anvi Rescue Disk$
2017-07-25 22:27 - 2017-07-25 22:39 - 00000000 ____D C:\cce_linux
2017-07-25 15:46 - 2017-08-03 19:46 - 00000000 ____D C:\FRST
2017-07-20 18:29 - 2017-07-20 18:29 - 35940646 _____ C:\ControlSet001.reg
2017-07-20 07:30 - 2017-07-20 07:30 - 00000000 ____D C:\Windows\System32\config.bak
2017-07-20 07:22 - 2017-07-20 07:22 - 00000000 __SHD C:\found.000
2017-07-19 21:57 - 2016-11-20 15:07 - 00373896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.bak
2017-07-19 21:57 - 2016-10-05 15:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.bak
2017-07-19 21:57 - 2016-09-08 15:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.bak
2017-07-19 21:57 - 2016-09-08 15:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.bak
2017-07-19 21:57 - 2016-08-23 12:10 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.bak
2017-07-19 21:57 - 2016-08-23 12:10 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.bak
2017-07-19 21:57 - 2016-08-23 12:10 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.bak
2017-07-19 21:57 - 2016-08-23 12:09 - 00188928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.bak
2017-07-19 21:57 - 2016-08-23 12:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2017-07-19 21:57 - 2016-08-23 12:05 - 00057280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.bak
2017-07-19 21:57 - 2016-08-23 12:04 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.bak
2017-07-19 21:57 - 2016-08-23 12:02 - 00712640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.bak
2017-07-19 21:57 - 2016-08-23 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.bak
2017-07-19 21:57 - 2016-08-23 11:55 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.bak
2017-07-19 21:57 - 2016-08-23 11:51 - 00234432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.bak
2017-07-19 21:57 - 2016-08-23 11:50 - 00019824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.bak
2017-07-19 21:57 - 2016-08-23 11:49 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.bak
2017-07-19 21:57 - 2016-08-23 11:49 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-07-19 21:57 - 2016-08-23 11:48 - 00026880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2017-07-19 21:57 - 2016-08-23 11:47 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\terminpt.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.bak
2017-07-19 21:57 - 2010-11-20 22:29 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.bak
2017-07-19 21:57 - 2009-07-14 02:26 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.bak
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.bak
2017-07-19 21:57 - 2009-07-14 02:26 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2017-07-19 21:57 - 2009-07-14 02:17 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2017-07-19 21:57 - 2009-07-14 01:57 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys
2017-07-19 21:57 - 2009-07-14 01:41 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2017-07-19 21:57 - 2009-07-14 01:17 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2017-07-19 21:57 - 2009-07-14 01:02 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys
2017-07-19 21:57 - 2009-07-14 00:23 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys
2017-07-19 21:57 - 2009-07-14 00:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.bak
2017-07-19 21:57 - 2009-07-14 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.bak
2017-07-19 21:57 - 2009-07-14 00:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2017-07-19 21:57 - 2009-07-13 23:54 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00118784 _____ (Intel Corporation) C:\Windows\System32\Drivers\E1G60I32.sys
2017-07-19 21:57 - 2009-07-13 21:50 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2017-07-19 21:57 - 2009-07-13 21:34 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2017-07-19 21:57 - 2009-06-10 22:39 - 00017463 _____ C:\Windows\System32\Drivers\etc\services
2017-07-19 21:57 - 2009-06-10 22:39 - 00003683 _____ C:\Windows\System32\Drivers\etc\lmhosts.sam
2017-07-19 21:57 - 2009-06-10 22:39 - 00001358 _____ C:\Windows\System32\Drivers\etc\protocol
2017-07-19 21:57 - 2009-06-10 22:39 - 00000407 _____ C:\Windows\System32\Drivers\etc\networks
2017-07-19 21:57 - 2009-06-10 22:14 - 03440660 _____ C:\Windows\System32\Drivers\gm.dls
2017-07-19 21:57 - 2009-06-10 22:14 - 00000646 _____ C:\Windows\System32\Drivers\gmreadme.txt
2017-07-19 21:50 - 2017-07-19 21:53 - 00000000 ____D C:\System32
2017-07-19 21:34 - 2017-07-19 21:34 - 00000000 ____D C:\test
2017-07-19 21:20 - 2017-07-19 20:55 - 26738688 _____ C:\Windows\System32\config\COMPONENTS..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 57933824 _____ C:\Windows\System32\config\SOFTWARE..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 38273024 _____ C:\Windows\System32\config\SYSTEM..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00524288 _____ C:\Windows\System32\config\DEFAULT..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SECURITY..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SAM..bak
2017-07-19 21:20 - 2010-07-21 21:39 - 00028672 _____ C:\Windows\System32\config\BCD-Template..bak
2017-07-17 22:18 - 2017-07-17 21:14 - 07986864 _____ ( ) C:\AVG_Remover.exe
2017-06-28 13:53 - 2017-04-04 15:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\afd.sys
2017-06-24 13:01 - 2017-06-24 13:01 - 405934182 _____ C:\Windows\MEMORY.DMP
2017-06-24 13:01 - 2017-06-24 13:01 - 00228432 _____ C:\Windows\Minidump\062417-26598-01.dmp
2017-06-24 12:47 - 2017-06-24 12:51 - 00000000 ____D C:\Users\Szymon\AppData\Local\CrashDumps
2017-06-24 10:16 - 2017-06-24 12:51 - 00000000 ____D C:\Users\Szymon\AppData\Local\NVIDIA Corporation
2017-06-24 09:22 - 2017-06-08 02:31 - 01477056 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap.dll
2017-06-24 09:22 - 2017-06-08 02:31 - 01317312 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge.dll
2017-06-24 09:22 - 2017-06-08 02:31 - 00100288 _____ C:\Windows\System32\NvRtmpStreamer32.dll
2017-06-24 09:11 - 2017-06-08 02:31 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-06-24 09:09 - 2017-06-08 00:38 - 00134592 _____ (NVIDIA Corporation) C:\Windows\System32\nvStreaming.exe
2017-06-24 09:04 - 2017-06-24 09:04 - 00000000 ____D C:\Program Files\VulkanRT
2017-06-24 09:04 - 2017-03-10 22:17 - 00525600 _____ C:\Windows\System32\vulkan-1.bak
2017-06-24 09:04 - 2017-03-10 22:17 - 00233760 _____ C:\Windows\System32\vulkaninfo.bak
2017-06-24 09:03 - 2017-06-08 00:52 - 04019320 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 02103416 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 01762936 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 00462784 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 00381888 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 00082040 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2017-06-24 09:03 - 2017-06-08 00:52 - 00068728 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2017-06-24 09:03 - 2017-06-08 00:51 - 08075477 _____ C:\Windows\System32\nvcoproc.bin
2017-06-24 08:58 - 2017-06-24 12:50 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 08:58 - 2017-06-08 02:31 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-24 08:57 - 2017-06-24 10:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-24 08:45 - 2017-06-08 02:31 - 00143296 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap32v.dll
2017-06-24 08:45 - 2017-06-08 02:31 - 00042904 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap32.dll
2017-06-24 08:44 - 2017-06-08 02:31 - 00944208 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco3220103.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 35281344 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 28593272 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 17424984 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 13402816 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 09248144 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 09014976 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 08808488 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 03604184 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 03020920 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 01095800 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco3238253.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00993728 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00935032 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3238253.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00914880 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00577728 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00499136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00426128 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00406552 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshim.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00148016 _____ (NVIDIA Corporation) C:\Windows\System32\nvinit.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00131720 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim32.dll
2017-06-24 08:43 - 2017-06-08 02:31 - 00037470 _____ C:\Windows\System32\nvinfo.pb
2017-06-24 08:43 - 2017-06-08 02:31 - 00000669 _____ C:\Windows\System32\nv-vk32.json
2017-06-24 08:39 - 2017-06-24 09:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-24 08:31 - 2017-06-24 08:31 - 00000000 ____D C:\NVIDIA
2017-06-24 07:46 - 2017-06-24 07:46 - 00000874 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2017-06-24 07:25 - 2017-06-24 07:25 - 00108824 _____ C:\Users\Szymon\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-24 07:05 - 2017-06-24 07:07 - 00411064 _____ C:\Windows\System32\FNTCACHE.DAT
2017-06-23 23:08 - 2015-05-08 05:14 - 00001904 ____N C:\Windows\System32\SetupBD.din
2017-06-23 23:07 - 2015-05-08 05:14 - 00357136 _____ (Intel Corporation) C:\Windows\System32\PROUnstl.exe
2017-06-23 22:12 - 2017-04-27 23:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-06-23 22:12 - 2016-09-15 15:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2017-06-23 22:12 - 2016-08-21 14:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2017-06-23 22:10 - 2017-05-21 05:10 - 00137960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.bak
2017-06-23 22:10 - 2017-05-21 04:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.bak
2017-06-23 22:10 - 2017-05-21 04:42 - 00124416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.bak
2017-06-23 22:10 - 2017-05-21 04:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.bak
2017-06-23 22:10 - 2017-05-07 16:14 - 00078568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.bak
2017-06-23 22:10 - 2017-04-07 16:26 - 00730344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.bak
2017-06-23 22:10 - 2017-04-04 15:52 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.bak
2017-06-23 22:10 - 2017-01-18 16:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-06-23 22:10 - 2017-01-18 16:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-06-23 22:09 - 2017-05-21 05:10 - 00067304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.bak
2017-06-23 22:09 - 2017-05-12 18:45 - 00050688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.bak
2017-06-23 22:03 - 2015-06-18 23:53 - 00003125 _____ C:\Windows\System32\e1d6232.din
2017-06-23 22:03 - 2015-06-17 15:28 - 00074224 _____ (Intel Corporation) C:\Windows\System32\NicInstD.dll
2017-06-23 22:03 - 2014-04-19 17:18 - 00073512 _____ (Intel Corporation) C:\Windows\System32\e1dmsg.dll
2017-06-23 22:03 - 2014-04-19 03:17 - 00111904 _____ (Intel Corporation) C:\Windows\System32\NicCo4.dll
2017-06-23 20:56 - 2015-12-08 22:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\System32\WMALFXGFXDSP.dll
2017-06-23 20:56 - 2015-12-08 22:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2017-06-23 20:46 - 2009-08-24 21:08 - 00028160 _____ (mst software GmbH, Germany) C:\Windows\System32\DfSdkBt.exe
2017-06-23 20:45 - 2017-06-23 20:45 - 00000000 ____D C:\ProgramData\Ashampoo
2017-06-23 20:45 - 2017-06-23 20:45 - 00000000 ____D C:\Program Files\Ashampoo
2017-06-23 20:21 - 2017-06-23 20:22 - 26123263 _____ C:\Users\Szymon\Downloads\Ashampoo WinOptimizer 15.00.02 Portable.rar
2017-06-23 20:18 - 2017-06-23 20:20 - 26914472 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Szymon\Downloads\ashampoo_winoptimizer_15_15.00.02_sm.exe
2017-06-23 20:16 - 2017-06-23 20:16 - 00000000 ____D C:\Windows\pss
2017-06-23 18:46 - 2015-09-04 10:35 - 24050504 _____ (Intel Corporation) C:\Windows\System32\SET4DD6.tmp
2017-06-23 18:46 - 2015-09-04 10:35 - 24050504 _____ (Intel Corporation) C:\Windows\System32\igdumdim32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 17331808 _____ C:\Windows\System32\igd11dxva32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 10852352 _____ (Intel Corporation) C:\Windows\System32\igdfcl32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 08683376 _____ (Intel Corporation) C:\Windows\System32\igd10iumd32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 07508480 _____ (Intel Corporation) C:\Windows\System32\ig75icd32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 06725182 _____ C:\Windows\System32\igdclbif.bin
2017-06-23 18:46 - 2015-09-04 10:35 - 04876008 _____ (Intel Corporation) C:\Windows\System32\igdusc32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 03325440 _____ (Intel Corporation) C:\Windows\System32\igdrcl32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 02000896 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 01399240 _____ (Intel Corporation) C:\Windows\System32\iglhsip32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 01131520 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 01064448 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 01037928 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 01034344 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 01019664 _____ (Intel Corporation) C:\Windows\System32\igdmd32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00641530 _____ C:\Windows\System32\FilmModeDetection.wmv
2017-06-23 18:46 - 2015-09-04 10:35 - 00624128 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00623104 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00413800 _____ C:\Windows\System32\igfxTray.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00403671 _____ C:\Windows\System32\ImageStabilization.wmv
2017-06-23 18:46 - 2015-09-04 10:35 - 00403048 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00375173 _____ C:\Windows\System32\ColorImageEnhancement.wmv
2017-06-23 18:46 - 2015-09-04 10:35 - 00374272 _____ (Intel Corporation) C:\Windows\System32\igdbcl32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00339560 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00339048 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00330240 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00304128 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00291432 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00279144 _____ (Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00263120 _____ (Intel Corporation) C:\Windows\System32\igd10idpp32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00260200 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00252928 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00232960 _____ C:\Windows\System32\igfxCPL.cpl
2017-06-23 18:46 - 2015-09-04 10:35 - 00209512 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00191488 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00184352 _____ (Intel Corporation) C:\Windows\System32\iglhcp32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00183400 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2017-06-23 18:46 - 2015-09-04 10:35 - 00179200 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00178672 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00176128 _____ (Intel Corporation) C:\Windows\System32\igfxCoIn_v4280.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00153088 _____ C:\Windows\System32\igdde32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00152064 _____ (Intel Corporation) C:\Windows\System32\igdail32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00086528 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD32.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00084028 _____ C:\Windows\System32\iglhxs32.vp
2017-06-23 18:46 - 2015-09-04 10:35 - 00080384 _____ C:\Windows\System32\igfxCUIServicePS.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00073728 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00060416 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00038640 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00011264 _____ ( ) C:\Windows\System32\igfxDILib.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00010752 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
2017-06-23 18:46 - 2015-09-04 10:35 - 00000935 _____ C:\Windows\System32\Gfxv4_0.exe.config
2017-06-23 18:46 - 2015-09-04 10:35 - 00000935 _____ C:\Windows\System32\DPTopologyApp.exe.config
2017-06-23 18:46 - 2015-09-04 10:35 - 00000895 _____ C:\Windows\System32\Gfxv2_0.exe.config
2017-06-23 18:46 - 2015-09-04 10:35 - 00000895 _____ C:\Windows\System32\DPTopologyAppv2_0.exe.config
2017-06-23 17:33 - 2016-07-20 17:54 - 04273456 _____ (Realtek Semiconductor Corporation ) C:\Windows\System32\rtwlanu.sys
2017-06-23 17:33 - 2016-07-20 17:54 - 01034032 _____ (Realtek Semiconductor Corp. ) C:\Windows\System32\Rtlihvs.dll
2017-06-23 17:33 - 2016-07-20 17:54 - 00105784 _____ (Realtek Semiconductor Corp. ) C:\Windows\System32\RtlExtUI.dll
2017-06-23 17:33 - 2016-07-20 17:53 - 00020377 _____ C:\Windows\System32\netrtwlanu.cat
2017-06-23 17:33 - 2016-06-21 09:28 - 00000633 _____ C:\Windows\System32\TP_PHY_REG_PG_Enc.txt
2017-06-23 17:33 - 2016-06-21 09:27 - 00002101 _____ C:\Windows\System32\TP_TXPWR_LMT_Enc.txt
2017-06-23 08:48 - 2014-12-15 00:03 - 00019496 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\System32\fbnative.exe
2017-06-23 08:41 - 2017-06-23 09:04 - 27289666 _____ C:\Users\Szymon\Downloads\Niepotwierdzony 545951.crdownload
2017-06-23 08:33 - 2017-06-23 08:36 - 02808902 _____ C:\Users\Szymon\Downloads\INF(v10.1.1.8).zip
2017-06-22 17:22 - 2017-06-22 17:22 - 00015524 _____ C:\Windows\System32\results.xml
2017-06-22 16:48 - 2017-06-22 16:48 - 00000000 ____D C:\Windows\System32\RTCOM
2017-06-22 16:48 - 2013-07-30 10:14 - 02326744 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO.dll
2017-06-22 16:48 - 2013-07-30 07:04 - 00331544 _____ (Creative Technology Ltd.) C:\Windows\System32\MBWrp32.dll
2017-06-22 16:48 - 2013-07-29 11:41 - 00121560 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInstII.dll
2017-06-22 16:48 - 2013-07-24 03:07 - 01932544 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2017-06-22 16:48 - 2013-07-24 03:07 - 00788224 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell.dll
2017-06-22 16:48 - 2013-07-22 08:37 - 00769752 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll
2017-06-22 16:48 - 2013-07-18 07:48 - 02536664 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll
2017-06-22 16:48 - 2013-04-24 10:16 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl
2017-06-22 16:48 - 2012-06-08 09:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\System32\MBAPO32.dll
2017-06-22 16:48 - 2011-12-16 07:57 - 00054360 _____ (Creative Technology Ltd.) C:\Windows\System32\MBppld32.dll
2017-06-22 16:48 - 2011-11-22 09:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32A.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll
2017-06-22 16:48 - 2010-11-08 00:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll
2017-06-22 16:48 - 2010-09-27 02:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2017-06-22 16:48 - 2009-12-04 08:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO.dll
2017-06-22 16:48 - 2009-11-24 02:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll
2017-06-22 16:48 - 2009-11-24 02:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSHD.dll
2017-06-22 16:48 - 2009-11-24 02:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP360.dll
2017-06-22 16:48 - 2009-11-24 02:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll
2017-06-22 16:48 - 2009-11-18 11:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\System32\WavesLib.dll
2017-06-22 16:48 - 2009-11-18 00:13 - 00050776 _____ (Creative Technology Ltd.) C:\Windows\System32\MBPPCn32.dll
2017-06-22 16:47 - 2013-07-17 09:16 - 02396192 _____ (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll
2017-06-22 16:47 - 2013-06-05 14:42 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll
2017-06-22 16:47 - 2012-06-20 10:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2017-06-22 16:47 - 2012-03-08 04:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll
2017-06-22 16:38 - 2017-06-22 16:38 - 00000000 ____D C:\Program Files\Marvell
2017-06-22 16:27 - 2017-06-22 16:28 - 00000000 ____D C:\ProgramData\Intel
2017-06-22 16:27 - 2017-06-22 16:27 - 00000000 ____D C:\Program Files\Common Files\postureAgent
2017-06-22 16:26 - 2013-09-03 15:52 - 01629040 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01011.dll
2017-06-22 16:24 - 2017-06-24 07:43 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-06-22 16:23 - 2014-05-21 09:31 - 00187348 __RSH C:\Windows\System32\resTHA.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00180164 __RSH C:\Windows\System32\resELL.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00176020 __RSH C:\Windows\System32\resRUS.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00161876 __RSH C:\Windows\System32\resARA.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00161332 __RSH C:\Windows\System32\resHEB.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00161268 __RSH C:\Windows\System32\resJPN.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00156692 __RSH C:\Windows\System32\resFRA.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00156676 __RSH C:\Windows\System32\resHUN.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154980 __RSH C:\Windows\System32\resKOR.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154884 __RSH C:\Windows\System32\resITA.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154884 __RSH C:\Windows\System32\resDEU.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154724 __RSH C:\Windows\System32\resROM.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154612 __RSH C:\Windows\System32\resESN.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154180 __RSH C:\Windows\System32\resPLK.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00154036 __RSH C:\Windows\System32\resSKY.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00153844 __RSH C:\Windows\System32\resNLD.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00153284 __RSH C:\Windows\System32\resPTB.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00153140 __RSH C:\Windows\System32\resTRK.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00153108 __RSH C:\Windows\System32\resCSY.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00152980 __RSH C:\Windows\System32\resPTG.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00152564 __RSH C:\Windows\System32\resFIN.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00152132 __RSH C:\Windows\System32\resHRV.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00151684 __RSH C:\Windows\System32\resSVE.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00151508 __RSH C:\Windows\System32\resSLV.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00150580 __RSH C:\Windows\System32\resNOR.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00150068 __RSH C:\Windows\System32\resDAN.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00148756 __RSH C:\Windows\System32\resENU.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00146980 __RSH C:\Windows\System32\resCHT.cui
2017-06-22 16:23 - 2014-05-21 09:31 - 00146148 __RSH C:\Windows\System32\resCHS.cui
2017-06-22 16:23 - 2014-05-21 09:30 - 02108679 _____ C:\Windows\System32\iglhxa32.cpa
2017-06-22 16:23 - 2014-05-21 09:30 - 00153600 _____ (Intel Corporation) C:\Windows\System32\igfxCoIn_v3621.dll
2017-06-22 16:23 - 2014-05-21 09:30 - 00094208 _____ C:\Windows\System32\IccLibDll.dll
2017-06-22 16:23 - 2014-05-21 09:30 - 00044235 _____ C:\Windows\System32\iglhxo32.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00044053 _____ C:\Windows\System32\iglhxo32_dev.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00043760 _____ C:\Windows\System32\iglhxg32_dev.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00043270 _____ C:\Windows\System32\iglhxc32.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00042654 _____ C:\Windows\System32\iglhxc32_dev.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00001125 _____ C:\Windows\System32\iglhxa32.vp
2017-06-22 16:23 - 2014-05-21 09:30 - 00000895 _____ C:\Windows\System32\CustomModeAppv2_0.exe.config
2017-06-22 16:23 - 2014-05-21 09:30 - 00000889 _____ C:\Windows\System32\CustomModeApp.exe.config
2017-06-22 16:21 - 2014-05-21 09:30 - 00044474 _____ C:\Windows\System32\iglhxg32.vp
2017-06-22 16:20 - 2017-06-24 07:46 - 00000000 ____D C:\Program Files\Intel
2017-06-22 16:20 - 2013-08-05 04:50 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\System32\CSVer.dll
2017-06-22 16:19 - 2017-06-24 07:44 - 00000000 ____D C:\Intel
2017-06-22 16:19 - 2017-06-22 16:19 - 00000000 ____D C:\Users\Szymon\Downloads\ASRSetup
2017-05-06 18:53 - 2017-05-06 18:53 - 00000000 ____D C:\Program Files\KCP
2017-05-06 18:52 - 2017-05-06 18:53 - 17138368 _____ (Haruhichan.com ) C:\Users\Szymon\Downloads\KCP-0.6.0.6_[A5299F73].exe
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-02 08:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-08-01 20:51 - 2009-07-14 09:29 - 00000000 ____D C:\Program Files\Windows Journal
2017-08-01 20:50 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-08-01 20:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\migwiz
2017-08-01 20:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-08-01 20:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Dism
2017-07-26 04:40 - 2010-09-04 17:58 - 00000000 ____D C:\Users\Szymon\Downloads\LSoft.Active.Undelete.Enterprise.Edition.v7.1.050-Lz0
2017-07-26 04:40 - 2010-07-21 20:52 - 00000000 ____D C:\users\Szymon
2017-07-20 07:30 - 2012-09-22 21:00 - 00155146 ____H C:\treeinfo.wc
2017-07-17 22:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\drivers.bak
 
Some files in TEMP:
====================
2008-03-28 21:09 - 2008-03-28 21:09 - 0459400 ____R (Macrovision Corporation) C:\Users\Szymon\AppData\Local\Temp\_isE13.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Menedżer rozruchu systemu Windows
---------------------------------
Identyfikator              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  pl-PL
default                 {default}
displayorder            {default}
timeout                 30
 
Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (odzyskano) 
locale                  pl-PL
recoverysequence        {7435e105-786e-11e7-814d-fc63c21fd750}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
 
Moduł ładujący rozruchu systemu Windows
---------------------------------------
Identyfikator              {7435e105-786e-11e7-814d-fc63c21fd750}
device                  ramdisk=[C:]\Recovery\1a190fb4-9508-11df-a327-ec5951198d1a\Winre.wim,{7435e106-786e-11e7-814d-fc63c21fd750}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (odzyskano) 
locale                  
osdevice                ramdisk=[C:]\Recovery\1a190fb4-9508-11df-a327-ec5951198d1a\Winre.wim,{7435e106-786e-11e7-814d-fc63c21fd750}
systemroot              \windows
winpe                   Yes
 
Moduł testujący pamięć systemu Windows
--------------------------------------
Identyfikator              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  pl-PL
 
Opcje urządzenia
----------------
Identyfikator              {7435e106-786e-11e7-814d-fc63c21fd750}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\1a190fb4-9508-11df-a327-ec5951198d1a\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 3975.01 MB
Available physical RAM: 3396.44 MB
Total Virtual: 3973.3 MB
Available Virtual: 3402.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:293.65 GB) (Free:18.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1103.51 GB) (Free:369.03 GB) NTFS
Drive g: (GSP1RMCULFRER_PL_DVD) (Removable) (Total:14.44 GB) (Free:6.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=293.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1103.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 0C7246F3)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-06-22 18:17
 
==================== End of FRST.txt ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,692 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:53 PM

Posted 03 August 2017 - 03:26 PM

Welcome. :)
 
Why are there drivers with a .bak extension?
 
Please download the enclosed file. [attachment=196679:Fixlist.txt] Save it in the same location FRST (FRST64) is saved. Open FRST (FRST64) as you did before and click on the Fix button.
 
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please copy and paste its contents in your next reply.


Edited by JSntgRvr, 03 August 2017 - 03:30 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 05 August 2017 - 09:32 PM

Are you still with us?




#4 gercio


Posted 10 August 2017 - 04:00 AM

Hi, absolutely. You are my last resort.

The *.bak are because I was trying to see if removing drivers would help (specifically the AMD ones - the rig is on i3).

 

The output:

1394bus.sys
1394ohci.sys
acpi.sys
acpipmi.sys
adp94xx.sys
adpahci.sys
adpu320.sys
afd.bak
afd.sys
agilevpn.sys
AGP440.sys
aliide.sys
AMDAGP.bak
amdide.bak
amdk8.bak
amdppm.bak
amdsata.bak
amdsbs.bak
amdxata.bak
appid.bak
appid.sys
arc.sys
arcsas.sys
asyncmac.sys
atapi.sys
ataport.sys
b57nd60x.sys
battc.sys
beep.sys
blbdrive.sys
bowser.bak
bowser.sys
BrFiltLo.sys
BrFiltUp.sys
bridge.sys
BrSerId.sys
BrSerWdm.sys
BrUsbMdm.sys
BrUsbSer.sys
bthmodem.sys
bxvbdx.sys
cdfs.sys
cdrom.sys
circlass.sys
Classpnp.sys
CmBatt.sys
cmdide.sys
cng.bak
cng.sys
compbatt.sys
CompositeBus.sys
crashdmp.sys
crcdisk.sys
csc.sys
dfsc.bak
dfsc.sys
discache.sys
disk.bak
Diskdump.sys
djsvs.sys
drmk.sys
drmkaud.bak
Dumpata.sys
dumpfve.sys
dxapi.sys
dxg.sys
dxgkrnl.bak
dxgkrnl.sys
dxgmms1.sys
E1G60I32.sys
elxstor.sys
en-US
errdev.sys
etc
evbdx.sys
exfat.sys
fastfat.sys
fdc.sys
fileinfo.sys
filetrace.sys
flpydisk.sys
fltMgr.sys
fsdepends.sys
fs_rec.bak
fs_rec.sys
fvevol.bak
fvevol.sys
FWPKCLNT.SYS
GAGP30KX.SYS
gm.dls
gmreadme.txt
hcw85cir.sys
hdaudbus.sys
HdAudio.bak
hidbatt.sys
hidbth.sys
hidclass.sys
hidir.sys
hidparse.sys
hidusb.sys
HpSAMD.sys
http.bak
http.sys
hwpolicy.sys
i8042prt.sys
iaStorV.bak
iirsp.sys
intelide.sys
intelppm.sys
ipfltdrv.sys
IPMIDrv.sys
ipnat.sys
irda.sys
irenum.sys
isapnp.sys
kbdclass.sys
kbdhid.sys
ks.sys
ksecdd.bak
ksecdd.sys
ksecpkg.bak
ksecpkg.sys
lltdio.sys
lsi_fc.sys
lsi_sas.sys
lsi_sas2.sys
lsi_scsi.sys
luafv.sys
mcd.sys
megasas.sys
MegaSR.sys
modem.sys
monitor.sys
mouclass.sys
mouhid.sys
mountmgr.bak
mountmgr.sys
mpio.sys
mpsdrv.sys
mrxdav.bak
mrxdav.sys
mrxsmb.bak
mrxsmb.sys
mrxsmb10.bak
mrxsmb10.sys
mrxsmb20.bak
mrxsmb20.sys
msahci.sys
msdsm.sys
msfs.sys
MsftWdf_Kernel_01011_Inbox_Critical.Wdf
mshidkmdf.sys
msisadrv.sys
msiscsi.bak
mskssrv.sys
mspclock.sys
mspqm.sys
msrpc.sys
mssmbios.sys
mstee.sys
MTConfig.sys
mup.sys
ndis.bak
ndis.sys
ndiscap.sys
ndistapi.sys
ndisuio.sys
ndiswan.sys
ndproxy.sys
netbios.sys
netbt.bak
netbt.sys
netio.sys
nfrd960.sys
npfs.sys
nsiproxy.sys
ntfs.sys
null.sys
nvraid.sys
nvstor.sys
NV_AGP.SYS
nwifi.sys
ohci1394.sys
pacer.sys
parport.sys
partmgr.sys
parvdm.sys
pci.sys
pciide.sys
pciidex.sys
pcmcia.sys
pcw.sys
PEAuth.sys
pl-PL
portcls.sys
processr.sys
ql2300.sys
ql40xx.sys
qwavedrv.sys
rasacd.sys
rasl2tp.sys
raspppoe.sys
raspptp.sys
rassstp.sys
rdbss.sys
rdpbus.sys
RDPCDD.sys
rdpdr.sys
RDPENCDD.sys
RDPREFMP.sys
rdpvideominiport.sys
rdpwd.bak
rdpwd.sys
rdyboost.sys
rmcast.sys
RNDISMP.sys
rootmdm.sys
rspndr.sys
sbp2port.sys
scfilter.sys
scsiport.sys
secdrv.sys
serenum.sys
serial.sys
sermouse.sys
sffdisk.sys
sffp_mmc.sys
sffp_sd.sys
sfloppy.sys
SISAGP.SYS
sisraid2.sys
sisraid4.sys
smb.sys
smclib.sys
spldr.sys
spsys.sys
srv.sys
srv2.sys
srvnet.sys
stexstor.sys
storport.sys
stream.sys
swenum.sys
tape.sys
tcpip.sys
tcpipreg.sys
tdi.sys
tdpipe.sys
tdtcp.sys
tdx.sys
termdd.sys
terminpt.sys
tssecsrv.sys
TsUsbFlt.sys
TsUsbGD.sys
tunnel.sys
UAGP35.SYS
udfs.sys
ULIAGPKX.SYS
umbus.sys
UMDF
umpass.sys
usb8023.sys
USBCAMD.sys
USBCAMD2.sys
usbccgp.sys
usbcir.sys
usbd.sys
usbehci.sys
usbhub.sys
usbohci.sys
usbport.sys
usbprint.sys
usbrpm.sys
USBSTOR.SYS
usbuhci.sys
vdrvroot.sys
vga.sys
vgapnp.sys
vhdmp.sys
VIAAGP.SYS
viac7.sys
viaide.sys
videoprt.sys
volmgr.sys
volmgrx.sys
volsnap.sys
vsmraid.sys
vwifibus.sys
vwififlt.sys
vwifimp.sys
wacompen.sys
wanarp.sys
watchdog.sys
wd.sys
Wdf01000.bak
Wdf01000.sys
WdfLdr.sys
wfplwf.sys
wimmount.sys
wmiacpi.sys
wmilib.sys
ws2ifsl.sys
WUDFPf.sys
WUDFRd.sys


#5 JSntgRvr


Posted 10 August 2017 - 11:17 AM

Please download the enclosed file. [attachment=196847:Fixlist.txt] Save it in the same location FRST (FRST64) is saved. Open FRST (FRST64) as you did before and click on the Fix button.
 
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please copy and paste its contents in your next reply.

 

 

Afterwards, re-scan with FRST and post the new log.




#6 gercio


Posted 11 August 2017 - 01:58 AM

Hi,

This is the log after the fix.

Later today I will post the log result.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by SYSTEM (11-08-2017 07:31:28) Run:1
Running from G:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
CMD: Ren C:\Windows\System32\Drivers\disk.bak disk.sys
CMD: Ren C:\Windows\System32\Drivers\msiscsi.bak msiscsi.sys
CMD: Ren C:\Windows\System32\Drivers\drmkaud.bak drmkaud.sys
CMD: Ren C:\Windows\System32\Drivers\amdxata.bak amdxata.sys
CMD: Ren C:\Windows\System32\Drivers\amdsbs.bak amdsbs.sys
CMD: Ren C:\Windows\System32\Drivers\amdsata.bak amdsata.sys
CMD: Ren C:\Windows\System32\Drivers\amdppm.bak amdppm.sys
CMD: Ren C:\Windows\System32\Drivers\amdk8.bak amdk8.sys
CMD: Ren C:\Windows\System32\Drivers\amdide.bak amdide.sys
CMD: Ren C:\Windows\System32\Drivers\AMDAGP.bak AMDAGP.sys
CMD: Ren C:\Windows\System32\Drivers\HdAudio.bak HdAudio.sys
CMD: Ren C:\Windows\System32\Drivers\iaStorV.bak iaStorV.sys
C:\Windows\System32\Drivers\fvevol.bak
C:\Windows\System32\Drivers\fs_rec.bak
C:\Windows\System32\Drivers\dfsc.bak
C:\Windows\System32\Drivers\appid.bak
C:\Windows\System32\Drivers\bowser.bak
C:\Windows\System32\Drivers\cng.bak
C:\Windows\System32\Drivers\dxgkrnl.bak
C:\Windows\System32\Drivers\fs_rec.bak
C:\Windows\System32\Drivers\http.bak
C:\Windows\System32\Drivers\ksecdd.bak
C:\Windows\System32\Drivers\ksecpkg.bak
C:\Windows\System32\Drivers\mountmgr.bak
C:\Windows\System32\Drivers\mrxdav.bak
C:\Windows\System32\Drivers\mrxsmb.bak
C:\Windows\System32\Drivers\mrxsmb10.bak
C:\Windows\System32\Drivers\mrxsmb20.bak
C:\Windows\System32\Drivers\ndis.bak
C:\Windows\System32\Drivers\netbt.bak
C:\Windows\System32\Drivers\rdpwd.bak
C:\Windows\System32\Drivers\Wdf01000.bak
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CMD: Dir /a /b C:\Windows\System32\Drivers.bak
 
*****************
 
 
========= Ren C:\Windows\System32\Drivers\disk.bak disk.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\msiscsi.bak msiscsi.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\drmkaud.bak drmkaud.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdxata.bak amdxata.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdsbs.bak amdsbs.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdsata.bak amdsata.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdppm.bak amdppm.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdk8.bak amdk8.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\amdide.bak amdide.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\AMDAGP.bak AMDAGP.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\HdAudio.bak HdAudio.sys =========
 
 
========= End of CMD: =========
 
 
========= Ren C:\Windows\System32\Drivers\iaStorV.bak iaStorV.sys =========
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\fvevol.bak => moved successfully
C:\Windows\System32\Drivers\fs_rec.bak => moved successfully
C:\Windows\System32\Drivers\dfsc.bak => moved successfully
C:\Windows\System32\Drivers\appid.bak => moved successfully
C:\Windows\System32\Drivers\bowser.bak => moved successfully
C:\Windows\System32\Drivers\cng.bak => moved successfully
C:\Windows\System32\Drivers\dxgkrnl.bak => moved successfully
"C:\Windows\System32\Drivers\fs_rec.bak" => not found.
C:\Windows\System32\Drivers\http.bak => moved successfully
C:\Windows\System32\Drivers\ksecdd.bak => moved successfully
C:\Windows\System32\Drivers\ksecpkg.bak => moved successfully
C:\Windows\System32\Drivers\mountmgr.bak => moved successfully
C:\Windows\System32\Drivers\mrxdav.bak => moved successfully
C:\Windows\System32\Drivers\mrxsmb.bak => moved successfully
C:\Windows\System32\Drivers\mrxsmb10.bak => moved successfully
C:\Windows\System32\Drivers\mrxsmb20.bak => moved successfully
C:\Windows\System32\Drivers\ndis.bak => moved successfully
C:\Windows\System32\Drivers\netbt.bak => moved successfully
C:\Windows\System32\Drivers\rdpwd.bak => moved successfully
C:\Windows\System32\Drivers\Wdf01000.bak => moved successfully
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\GroupPolicy\User => moved successfully
 
========= Dir /a /b C:\Windows\System32\Drivers.bak =========
 
1394bus.sys
1394ohci.sys
acpi.sys
acpipmi.sys
adp94xx.sys
adpahci.sys
adpu320.sys
afd.sys
agilevpn.sys
AGP440.sys
aliide.sys
amdacpksd.sys
AMDAGP.SYS
amdide.sys
amdk8.sys
amdppm.sys
amdsata.sys
amdsbs.sys
amdxata.sys
appid.sys
arc.sys
arcsas.sys
ASACPI.sys
AsIO.sys
AsrDrv101.sys
AsUpIO.sys
asyncmac.sys
atapi.sys
ataport.sys
athr.sys
ati2erec.dll
AtihdW73.sys
atikmdag.sys
atikmpag.sys
AtiPcie.sys.bak
ativcaxx.cpa
ativcaxx.vp
ativdkxx.vp
ativokxx.vp
ativpkxx.vp
ativvpxx.vp
avgdiskx.sys.bak
avgidsdriverx.sys.bak
avgidshx.sys.bak
avgidsshimx.sys.bak
avgldx86.sys.bak
avglogx.sys.bak
avgmfx86.sys.bak
avgrkx86.sys.bak
avgtdix.sys.bak
avgunivx.sys.bak
b57nd60x.sys
battc.sys
BazisVirtualCDBus.sys
beep.sys
blbdrive.sys
bowser.sys
BrFiltLo.sys
BrFiltUp.sys
bridge.sys
BrSerId.sys
BrSerWdm.sys
BrUsbMdm.sys
BrUsbSer.sys
bthmodem.sys
bxvbdx.sys
ccdcmb.sys
ccdcmbo.sys
cdfs.sys
cdr4_xp.sys
cdralw2k.sys
cdrom.sys
circlass.sys
Classpnp.sys
CmBatt.sys
cmdide.sys
cng.sys
compbatt.sys
CompositeBus.sys
crashdmp.sys
crcdisk.sys
csc.sys
dfsc.sys
discache.sys
disk.sys
Diskdump.sys
djsvs.sys
drmk.sys
drmkaud.sys
DSI_SiUSBXp_3_1.sys
Dumpata.sys
dumpfve.sys
dxapi.sys
dxg.sys
dxgkrnl.sys
dxgmms1.sys
e1d6232.sys
ElbyCDIO.sys
elxstor.sys
en-US
errdev.sys
etc
eubakup.sys
EUBKMON.sys
eudskacs.sys
EuFdDisk.sys
evbdx.sys
exfat.sys
fastfat.sys
fdc.sys
fileinfo.sys
filetrace.sys
flpydisk.sys
fltMgr.sys
fsdepends.sys
fs_rec.sys
fvevol.sys
FWPKCLNT.SYS
GAGP30KX.SYS
GEARAspiWDM.sys
gm.dls
gmreadme.txt
hcw85cir.sys
hdaudbus.sys
HdAudio.sys
hidbatt.sys
hidbth.sys
hidclass.sys
hidir.sys
hidparse.sys
hidusb.sys
HpSAMD.sys
http.sys
hwpolicy.sys
i8042prt.sys
iANSW60.sys
iaStorV.sys
igdkmd32.sys
iirsp.sys
IntcDAud.sys
intelide.sys
IntelMEFWVer.dll
intelppm.sys
ipfltdrv.sys
IPMIDrv.sys
ipnat.sys
iqvw32.sys
irda.sys
irenum.sys
isapnp.sys
iusb3hcs.sys
iusb3hub.sys
iusb3xhc.sys
kbdclass.sys
kbdhid.sys
ks.sys
ksecdd.sys
ksecpkg.sys
lltdio.sys
lsi_fc.sys
lsi_sas.sys
lsi_sas2.sys
lsi_scsi.sys
luafv.sys
mcd.sys
megasas.sys
MegaSR.sys
modem.sys
monitor.sys
motccgp.sys
motfilt.sys
motoandroid.sys
Motousbnet.sys
motswch.sys
mouclass.sys
mouhid.sys
mountmgr.sys
mpio.sys
mpsdrv.sys
mrxdav.sys
mrxsmb.sys
mrxsmb10.sys
mrxsmb20.sys
msahci.sys
msdsm.sys
msfs.sys
MsftWdf_Kernel_01011_Inbox_Critical.Wdf
Msft_Kernel_ccdcmb_01009.Wdf
Msft_Kernel_iusb3hcs_01009.Wdf
Msft_Kernel_motccgp_01009.Wdf
Msft_Kernel_motfilt_01009.Wdf
Msft_Kernel_motoandroid_01009.Wdf
Msft_Kernel_Motousbnet_01009.Wdf
Msft_Kernel_ssadadb_01005.Wdf
Msft_Kernel_TeeDriver_01011.Wdf
Msft_User_WpdFs_01_09_00.Wdf
Msft_User_WpdMtpDr_01_09_00.Wdf
mshidkmdf.sys
msisadrv.sys
msiscsi.sys
mskssrv.sys
mspclock.sys
mspqm.sys
msrpc.sys
mssmbios.sys
mstee.sys
MTConfig.sys
mup.sys
ndis.sys
ndiscap.sys
ndistapi.sys
ndisuio.sys
ndiswan.sys
ndproxy.sys
netbios.sys
netbt.sys
netio.sys
nfrd960.sys
npfs.sys
nsiproxy.sys
ntfs.sys
null.sys
nvhda32v.sys
nvlddmkm.sys
nvraid.sys
nvstor.sys
nvvad32v.sys
nvvhci.sys
NV_AGP.SYS
nwifi.sys
ohci1394.sys
pacer.sys
parport.sys
partmgr.sys
parvdm.sys
pccsmcfd.sys
pci.sys
pciide.sys
pciidex.sys
pcmcia.sys
pcw.sys
PEAuth.sys
pl-PL
portcls.sys
processr.sys
pxhelp20.sys
ql2300.sys
ql40xx.sys
qwavedrv.sys
rasacd.sys
rasl2tp.sys
raspppoe.sys
raspptp.sys
rassstp.sys
rdbss.sys
rdpbus.sys
RDPCDD.sys
rdpdr.sys
RDPENCDD.sys
RDPREFMP.sys
rdpwd.sys
rdyboost.sys
rmcast.sys
RNDISMP.sys
rootmdm.sys
rspndr.sys
Rt86win7.sys
RTAIODAT.DAT
RTKVHDA.sys
rtwlanu.sys
s1039bus.sys
s1039cm.sys
s1039cmnt.sys
s1039cr.sys
s1039mdfl.sys
s1039mdm.sys
s1039mgmt.sys
s1039nd5.sys
s1039obex.sys
s1039unic.sys
s1039wh.sys
s1039whnt.sys
sbp2port.sys
scfilter.sys
scsiport.sys
secdrv.sys
serenum.sys
serial.sys
sermouse.sys
sffdisk.sys
sffp_mmc.sys
sffp_sd.sys
sfloppy.sys
SiLib.sys
SISAGP.SYS
sisraid2.sys
sisraid4.sys
smb.sys
smclib.sys
spldr.sys
spsys.sys
srv.sys
srv2.sys
srvnet.sys
ssadadb.sys
ssadbus.sys
ssadcm.sys
ssadcmnt.sys
ssadmdfl.sys
ssadmdm.sys
ssadserd.sys
ssadwh.sys
ssadwhnt.sys
sscdbus.sys
sscdcm.sys
sscdcmnt.sys
sscdmdfl.sys
sscdmdm.sys
sscdwh.sys
sscdwhnt.sys
stexstor.sys
storport.sys
storvsc.sys
stream.sys
swenum.sys
tape.sys
tcpip.sys
tcpipreg.sys
tdi.sys
tdpipe.sys
tdtcp.sys
tdx.sys
TeeDriver.sys
termdd.sys
TP_PHY_REG_PG_Enc.txt
TP_TXPWR_LMT_Enc.txt
tssecsrv.sys
TsUsbFlt.sys
tunnel.sys
UAGP35.SYS
udfs.sys
ULIAGPKX.SYS
umbus.sys
UMDF
umpass.sys
USB3Ver.dll
usb8023.sys
usbaapl.sys
USBCAMD.sys
USBCAMD2.sys
usbccgp.sys
usbcir.sys
usbd.sys
usbehci.sys
usbhub.sys
usbohci.sys
usbport.sys
usbprint.sys
usbrpm.sys
usbser.sys
usbser_lowerflt.sys
usbser_lowerfltj.sys
USBSTOR.SYS
usbuhci.sys
VClone.sys
vdrvroot.sys
vd_filedisk.sys
vga.sys
vgapnp.sys
vhdmp.sys
VIAAGP.SYS
viac7.sys
viahduaa.sys
viaide.sys
videoprt.sys
vmbus.sys
VMBusHID.sys
vms3cap.sys
vmstorfl.sys
volmgr.sys
volmgrx.sys
volsnap.sys
vsmraid.sys
vwifibus.sys
vwififlt.sys
vwifimp.sys
wacompen.sys
wanarp.sys
watchdog.sys
wd.sys
Wdf01000.sys
WdfCoInstaller01005.dll
WdfLdr.sys
wfplwf.sys
wimmount.sys
winhv.sys
winusb.sys
wmiacpi.sys
wmilib.sys
ws2ifsl.sys
WUDFPf.sys
WUDFRd.sys
 
========= End of CMD: =========
 
 
==== End of Fixlog 07:31:29 ====


#7 gercio

Posted 11 August 2017 - 01:13 PM

Scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2017
Ran by SYSTEM on MININT-U3TBH7L (11-08-2017 20:09:32)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X86) Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-03-10] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1683360 2010-05-24] (VIA)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-09-04] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-09-04] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [586240 2013-05-11] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [4566824 2011-07-29] ()
S2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-03-10] ()
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [X]
S2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DualCoreCenter; C:\Program Files\MSI\OverclockingCenter\NTGLM7X.sys [36152 2010-04-12] (MICRO-STAR INT'L CO., LTD.)
S3 FLASHSYS; C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [9216 2007-12-14] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-03 18:10 - 2014-06-28 01:21 - 00391640 __RSH C:\bootmgr
2017-08-02 08:24 - 2017-08-02 08:24 - 126840239 _____ C:\Windows\System32\config.zip
2017-07-27 23:48 - 2017-07-27 23:48 - 05354144 __RSH C:\$UGM
2017-07-27 23:48 - 2017-07-27 23:48 - 00000073 _____ C:\Windows\{1aab8212-055c-4d8a-a88d-537556ba26fd}
2017-07-27 22:31 - 2017-07-27 22:32 - 125241876 _____ C:\Windows\System32\config_170727.zip
2017-07-27 22:30 - 2017-07-27 22:30 - 20011994 _____ C:\Windows\System32\config\RegBack.zip
2017-07-27 22:26 - 2017-07-27 22:27 - 08858854 _____ C:\pack.zip
2017-07-27 22:26 - 2017-07-27 22:26 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-26 04:40 - 2017-07-26 04:40 - 57933824 _____ C:\Windows\System32\config\SOFTWARE.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 38273024 _____ C:\Windows\System32\config\SYSTEM.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2017-07-26 02:55 - 2017-07-26 02:55 - 00000000 ____D C:\$Anvi Rescue Disk$
2017-07-25 22:27 - 2017-07-25 22:39 - 00000000 ____D C:\cce_linux
2017-07-25 15:46 - 2017-08-11 20:09 - 00000000 ____D C:\FRST
2017-07-20 18:29 - 2017-07-20 18:29 - 35940646 _____ C:\ControlSet001.reg
2017-07-20 07:30 - 2017-07-20 07:30 - 00000000 ____D C:\Windows\System32\config.bak
2017-07-20 07:22 - 2017-07-20 07:22 - 00000000 __SHD C:\found.000
2017-07-19 21:57 - 2016-08-23 12:10 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2017-07-19 21:57 - 2016-08-23 12:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2017-07-19 21:57 - 2016-08-23 12:05 - 00057280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2017-07-19 21:57 - 2016-08-23 11:51 - 00234432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-07-19 21:57 - 2016-08-23 11:48 - 00026880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2017-07-19 21:57 - 2016-08-23 11:47 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\terminpt.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2017-07-19 21:57 - 2009-07-14 02:17 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2017-07-19 21:57 - 2009-07-14 01:57 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys
2017-07-19 21:57 - 2009-07-14 01:41 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2017-07-19 21:57 - 2009-07-14 01:17 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2017-07-19 21:57 - 2009-07-14 01:02 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys
2017-07-19 21:57 - 2009-07-14 00:23 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys
2017-07-19 21:57 - 2009-07-14 00:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2017-07-19 21:57 - 2009-07-13 23:54 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00118784 _____ (Intel Corporation) C:\Windows\System32\Drivers\E1G60I32.sys
2017-07-19 21:57 - 2009-07-13 21:50 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2017-07-19 21:57 - 2009-07-13 21:34 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2017-07-19 21:57 - 2009-06-10 22:39 - 00017463 _____ C:\Windows\System32\Drivers\etc\services
2017-07-19 21:57 - 2009-06-10 22:39 - 00003683 _____ C:\Windows\System32\Drivers\etc\lmhosts.sam
2017-07-19 21:57 - 2009-06-10 22:39 - 00001358 _____ C:\Windows\System32\Drivers\etc\protocol
2017-07-19 21:57 - 2009-06-10 22:39 - 00000407 _____ C:\Windows\System32\Drivers\etc\networks
2017-07-19 21:57 - 2009-06-10 22:14 - 03440660 _____ C:\Windows\System32\Drivers\gm.dls
2017-07-19 21:57 - 2009-06-10 22:14 - 00000646 _____ C:\Windows\System32\Drivers\gmreadme.txt
2017-07-19 21:50 - 2017-07-19 21:53 - 00000000 ____D C:\System32
2017-07-19 21:34 - 2017-07-19 21:34 - 00000000 ____D C:\test
2017-07-19 21:20 - 2017-07-19 20:55 - 26738688 _____ C:\Windows\System32\config\COMPONENTS..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 57933824 _____ C:\Windows\System32\config\SOFTWARE..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 38273024 _____ C:\Windows\System32\config\SYSTEM..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00524288 _____ C:\Windows\System32\config\DEFAULT..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SECURITY..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SAM..bak
2017-07-19 21:20 - 2010-07-21 21:39 - 00028672 _____ C:\Windows\System32\config\BCD-Template..bak
2017-07-17 22:18 - 2017-07-17 21:14 - 07986864 _____ ( ) C:\AVG_Remover.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 07:31 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-08-02 08:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-08-01 20:51 - 2009-07-14 09:29 - 00000000 ____D C:\Program Files\Windows Journal
2017-08-01 20:50 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-08-01 20:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\migwiz
2017-08-01 20:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-08-01 20:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Dism
2017-07-26 04:40 - 2010-09-04 17:58 - 00000000 ____D C:\Users\Szymon\Downloads\LSoft.Active.Undelete.Enterprise.Edition.v7.1.050-Lz0
2017-07-26 04:40 - 2010-07-21 20:52 - 00000000 ____D C:\users\Szymon
2017-07-20 07:30 - 2012-09-22 21:00 - 00155146 ____H C:\treeinfo.wc
2017-07-17 22:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\drivers.bak
 
Some files in TEMP:
====================
2008-03-28 21:09 - 2008-03-28 21:09 - 0459400 ____R (Macrovision Corporation) C:\Users\Szymon\AppData\Local\Temp\_isE13.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 2%
Total physical RAM: 32421.1 MB
Available physical RAM: 31630.39 MB
Total Virtual: 32419.38 MB
Available Virtual: 31660 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:293.65 GB) (Free:18.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1103.51 GB) (Free:369.03 GB) NTFS
Drive f: (GSP1RMCULFRER_PL_DVD) (Removable) (Total:14.44 GB) (Free:6.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=293.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1103.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 0C7246F3)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-06-22 18:17
 
==================== End of FRST.txt ============================


#8 gercio


Posted 11 August 2017 - 01:17 PM

The drivers.bak directory is the old one.

If I can start the windows recovery from a bootable disk, and it works fine, I mounted the installation disk, moved drivers to driver.bak and copied the drivers catalog from the mounted install. So there should be more drivers than needed.



#9 JSntgRvr


Posted 11 August 2017 - 03:09 PM

The drivers.bak directory is the old one.

If I can start the windows recovery from a bootable disk, and it works fine, I mounted the installation disk, moved drivers to driver.bak and copied the drivers catalog from the mounted install. So there should be more drivers than needed.

 

But perhaps the wrong version.

Let's attempt to create a boot log.

Please download the enclosed file. [attachment=196872:Fixlist.txt] Save it in the same location FRST (FRST64) is saved. Open FRST (FRST64) as you did before and click on the Fix button.

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Please copy and paste its contents in your next reply.

Try to boot in Normal Mode a few times, then run FRST and create a new log. Post it in your next reply.


Edited by JSntgRvr, 11 August 2017 - 04:07 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 JSntgRvr


Posted 11 August 2017 - 03:19 PM

Where is your SATA configuration now, AHCI or ATA or IDE?




#11 gercio


Posted 12 August 2017 - 01:45 AM

If you want to generate the ntbtlog.txt, I think it won't work. At least it did not from the boot manager.
The versions should be compatible enough. All in all, this operation did not make things worse.
The BIOS settings are currently AHCI, but quite often I switch it to IDE just to check if there is any progress with fixing. The registry should have the 01 flag for the appropriate AHCI drivers.

#12 JSntgRvr


Posted 12 August 2017 - 11:11 AM

One of the drivers that allows Windows to read the hard drive was renamed to a .bak file. We then renamed it back to disk.sys. Since you have performed so many things, I must try to see what is missing, as that is what the error message stands for. I need to know if the entire registry is in place and if there is a substitute in the system. Once we know where we are, then we can try changes to make it boot. In addition, I see that one of the hives has the same size, and I have never seen this.

57933824 _____ C:\Windows\System32\config\SOFTWARE.bhv
38273024 _____ C:\Windows\System32\config\SYSTEM.bhv
00524288 _____ C:\Windows\System32\config\DEFAULT.bhv
00262144 _____ C:\Windows\System32\config\SECURITY.bhv
00262144 _____ C:\Windows\System32\config\SAM.bhv


Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

SOFTWARE*;SYSTEM*;DEFAULT*;SECURITY*;SAM*

It then should look like:

Search: SOFTWARE*;SYSTEM*;DEFAULT*;SECURITY*;SAM*

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.
 


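Added example, not part of any post in this thread and not FRST's own code: a small Python parser for FRST file lines that lists the registry hive copies in C:\Windows\System32\config, shows which copies share a byte size, and how far each copy differs from the live hive. The function names are hypothetical; the ..bak, .bhv, .zip and disk.sys lines are copied from the logs in this thread, and the three live-hive lines are constructed in the same format from the sizes in the thread's Dir /a output.

```python
import re
from collections import defaultdict

HIVES = {"SYSTEM", "SOFTWARE", "SAM", "SECURITY", "DEFAULT"}
CONFIG_DIR = r"\windows\system32\config"

# FRST file line: created - modified - size attributes [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)

# Sample input: backup and driver lines copied from the thread's FRST logs;
# the last three (live hive) lines are constructed from the Dir /a listing.
SAMPLE_LOG = r"""
2017-07-19 21:57 - 2016-08-23 12:05 - 00057280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2017-08-02 08:24 - 2017-08-02 08:24 - 126840239 _____ C:\Windows\System32\config.zip
2017-07-27 22:30 - 2017-07-27 22:30 - 20011994 _____ C:\Windows\System32\config\RegBack.zip
2017-07-19 21:20 - 2017-07-19 20:54 - 38273024 _____ C:\Windows\System32\config\SYSTEM..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SECURITY..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SAM..bak
2017-07-26 04:40 - 2017-07-26 04:40 - 38273024 _____ C:\Windows\System32\config\SYSTEM.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2017-08-03 18:32 - 2017-08-03 18:32 - 37322752 _____ C:\Windows\System32\config\SYSTEM
2017-08-03 18:25 - 2017-08-03 18:25 - 00024576 _____ C:\Windows\System32\config\SECURITY
2017-08-03 18:25 - 2017-08-03 18:25 - 00032768 _____ C:\Windows\System32\config\SAM
"""


def parse_line(line):
    """Split one FRST file line into its fields; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec


def hive_copy(path):
    """Return (hive, suffix) for a hive or renamed hive copy directly in the
    config directory. Transaction logs (.LOG*, {guid}.TM.blf) are skipped."""
    directory, _, name = path.rpartition("\\")
    if not directory.lower().endswith(CONFIG_DIR):
        return None
    hive, dot, suffix = name.partition(".")
    if hive.upper() not in HIVES or suffix.upper().startswith("LOG"):
        return None
    return hive.upper(), dot + suffix  # suffix "" means the live hive


def collect(log_text):
    """Extract every hive copy mentioned in an FRST log."""
    copies = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        ident = hive_copy(rec["path"]) if rec else None
        if ident:
            copies.append({"hive": ident[0], "suffix": ident[1],
                           "size": rec["size"], "modified": rec["modified"]})
    return copies


def same_size_groups(copies):
    """Map byte size -> file names, for sizes shared by more than one file.
    Equal size only suggests identical content; a hash comparison confirms it."""
    by_size = defaultdict(list)
    for c in copies:
        by_size[c["size"]].append(c["hive"] + c["suffix"])
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


def live_vs_backups(copies):
    """Map backup name -> (backup size - live hive size) in bytes."""
    live = {c["hive"]: c["size"] for c in copies if c["suffix"] == ""}
    return {c["hive"] + c["suffix"]: c["size"] - live[c["hive"]]
            for c in copies if c["suffix"] and c["hive"] in live}


if __name__ == "__main__":
    found = collect(SAMPLE_LOG)
    for size, names in sorted(same_size_groups(found).items()):
        print(f"{size:>10} bytes shared by: {', '.join(names)}")
    for name, delta in sorted(live_vs_backups(found).items()):
        print(f"{name:<15} differs from live hive by {delta:+} bytes")
```
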


#13 gercio


Posted 12 August 2017 - 01:42 PM

OK, before that the fixlog and scanlog from yesterday.

Indeed this is strange with registry - I suppose you are trying to look for some backups. I have some of them.

Which driver specifically are you talking about?

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by SYSTEM (12-08-2017 18:56:22) Run:2
Running from F:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
CMD: bcdedit /set {default} bootlog yes
CMD: Dir /a C:\Windows\System32\config
 
*****************
 
 
========= bcdedit /set {default} bootlog yes =========
 
Operacja ukończona pomyślnie.
 
========= End of CMD: =========
 
 
========= Dir /a C:\Windows\System32\config =========
 
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: 0403-CA02
 
 Katalog: C:\Windows\System32\config
 
2017-08-02  08:25    <DIR>          .
2017-08-02  08:25    <DIR>          ..
2010-07-21  21:39            28˙672 BCD-Template
2010-07-21  21:39            28˙672 BCD-Template..bak
2010-07-21  21:39            25˙600 BCD-Template.LOG
2017-08-03  18:52        27˙000˙832 COMPONENTS
2017-07-19  20:55        26˙738˙688 COMPONENTS..bak
2009-07-14  09:33             1˙024 COMPONENTS.LOG
2017-08-03  18:52            11˙264 COMPONENTS.LOG1
2009-07-14  03:03                 0 COMPONENTS.LOG2
2010-11-07  20:42            65˙536 COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TM.blf
2010-08-12  21:32           524˙288 COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2010-11-07  20:42           524˙288 COMPONENTS{6cced2ed-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2016-02-23  21:39            65˙536 COMPONENTS{7b81b209-8bdb-11e5-8e6d-e0cb4ee2d0a5}.TM.blf
2016-02-23  21:39           524˙288 COMPONENTS{7b81b209-8bdb-11e5-8e6d-e0cb4ee2d0a5}.TMContainer00000000000000000001.regtrans-ms
2015-11-15  22:51           524˙288 COMPONENTS{7b81b209-8bdb-11e5-8e6d-e0cb4ee2d0a5}.TMContainer00000000000000000002.regtrans-ms
2015-11-14  18:08            65˙536 COMPONENTS{8022efba-ee6c-11df-9e9d-002421f25795}.TM.blf
2015-11-14  18:08           524˙288 COMPONENTS{8022efba-ee6c-11df-9e9d-002421f25795}.TMContainer00000000000000000001.regtrans-ms
2015-11-14  18:08           524˙288 COMPONENTS{8022efba-ee6c-11df-9e9d-002421f25795}.TMContainer00000000000000000002.regtrans-ms
2015-11-15  11:28            65˙536 COMPONENTS{c671691f-8af2-11e5-81a7-e0cb4ee2d0a5}.TM.blf
2015-11-15  11:28           524˙288 COMPONENTS{c671691f-8af2-11e5-81a7-e0cb4ee2d0a5}.TMContainer00000000000000000001.regtrans-ms
2015-11-14  18:29           524˙288 COMPONENTS{c671691f-8af2-11e5-81a7-e0cb4ee2d0a5}.TMContainer00000000000000000002.regtrans-ms
2017-06-24  09:21            65˙536 COMPONENTS{f26571ad-dcd4-11e5-949f-e0cb4ee2d0a5}.TM.blf
2017-06-24  07:02           524˙288 COMPONENTS{f26571ad-dcd4-11e5-949f-e0cb4ee2d0a5}.TMContainer00000000000000000001.regtrans-ms
2017-06-24  09:21           524˙288 COMPONENTS{f26571ad-dcd4-11e5-949f-e0cb4ee2d0a5}.TMContainer00000000000000000002.regtrans-ms
2017-08-03  18:25           270˙336 DEFAULT
2017-07-19  20:54           524˙288 DEFAULT..bak
2017-07-26  04:40           524˙288 DEFAULT.bhv
2009-07-14  09:33             1˙024 DEFAULT.LOG
2017-08-03  18:47            20˙480 DEFAULT.LOG1
2010-07-27  21:38                 0 DEFAULT.LOG2
2017-07-19  07:41            65˙536 DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TM.blf
2017-07-19  07:41           524˙288 DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
2017-07-19  07:41           524˙288 DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
2017-08-02  07:21            65˙536 DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TM.blf
2017-08-02  07:21           524˙288 DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
2017-08-02  07:21           524˙288 DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
2009-07-14  03:04    <DIR>          Journal
2017-06-22  18:18    <DIR>          RegBack
2017-07-27  22:30        20˙011˙994 RegBack.zip
2017-08-03  18:25            32˙768 SAM
2017-07-19  20:54           262˙144 SAM..bak
2017-07-26  04:40           262˙144 SAM.bhv
2009-07-14  09:33             1˙024 SAM.LOG
2017-08-03  18:47            20˙480 SAM.LOG1
2010-07-27  21:38                 0 SAM.LOG2
2017-07-19  07:41            65˙536 SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TM.blf
2017-07-19  07:41           524˙288 SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2017-07-19  07:41           524˙288 SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2017-08-03  18:25            24˙576 SECURITY
2017-07-19  20:54           262˙144 SECURITY..bak
2017-07-26  04:40           262˙144 SECURITY.bhv
2009-07-14  09:33             1˙024 SECURITY.LOG
2017-08-03  18:47             5˙120 SECURITY.LOG1
2010-07-27  21:38                 0 SECURITY.LOG2
2017-07-19  07:41            65˙536 SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TM.blf
2017-07-19  07:41           524˙288 SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2017-07-19  07:41           524˙288 SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2017-08-03  18:33        63˙291˙392 SOFTWARE
2017-07-19  20:54        57˙933˙824 SOFTWARE..bak
2017-07-26  04:40        57˙933˙824 SOFTWARE.bhv
2009-07-14  09:33             1˙024 SOFTWARE.LOG
2017-08-12  18:51            32˙768 SOFTWARE.LOG1
2010-07-27  21:38                 0 SOFTWARE.LOG2
2017-07-19  07:41            65˙536 SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TM.blf
2017-07-19  07:41           524˙288 SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2017-07-19  07:41           524˙288 SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2017-08-03  18:32        37˙322˙752 SYSTEM
2017-07-19  20:54        38˙273˙024 SYSTEM..bak
2017-07-26  04:40        38˙273˙024 SYSTEM.bhv
2009-07-14  09:33             1˙024 SYSTEM.LOG
2017-08-12  18:51         2˙097˙152 SYSTEM.LOG1
2010-07-27  21:38           262˙144 SYSTEM.LOG2
2017-06-22  16:46    <DIR>          systemprofile
2017-06-28  14:05            65˙536 SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf
2017-06-28  14:05           524˙288 SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
2017-06-28  14:05           524˙288 SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
2010-07-21  20:44    <DIR>          TxR
              72 plik(ów)        383˙997˙914 bajtów
               6 katalog(ów)  20˙283˙691˙008 bajtów wolnych
 
========= End of CMD: =========
 
 
==== End of Fixlog 18:56:23 ====
 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2017
Ran by SYSTEM on MININT-A87E35G (12-08-2017 19:22:33)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X86) Language: Polski (Polska)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2183752 2017-03-10] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220944 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1683360 2010-05-24] (VIA)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-07-26] (Realtek Semiconductor)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [1002552 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4153408 2017-04-11] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [935184 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [606360 2017-04-11] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-09-04] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-09-04] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [586240 2013-05-11] (Intel® Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [637912 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
S4 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [4566824 2011-07-29] ()
S2 vToolbarUpdater40.3.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-03-10] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-03-10] ()
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [X]
S2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DualCoreCenter; C:\Program Files\MSI\OverclockingCenter\NTGLM7X.sys [36152 2010-04-12] (MICRO-STAR INT'L CO., LTD.)
S3 FLASHSYS; C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [9216 2007-12-14] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-03 18:10 - 2014-06-28 01:21 - 00391640 __RSH C:\bootmgr
2017-08-02 08:24 - 2017-08-02 08:24 - 126840239 _____ C:\Windows\System32\config.zip
2017-07-27 23:48 - 2017-07-27 23:48 - 05354144 __RSH C:\$UGM
2017-07-27 23:48 - 2017-07-27 23:48 - 00000073 _____ C:\Windows\{1aab8212-055c-4d8a-a88d-537556ba26fd}
2017-07-27 22:31 - 2017-07-27 22:32 - 125241876 _____ C:\Windows\System32\config_170727.zip
2017-07-27 22:30 - 2017-07-27 22:30 - 20011994 _____ C:\Windows\System32\config\RegBack.zip
2017-07-27 22:26 - 2017-07-27 22:27 - 08858854 _____ C:\pack.zip
2017-07-27 22:26 - 2017-07-27 22:26 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-26 04:40 - 2017-07-26 04:40 - 57933824 _____ C:\Windows\System32\config\SOFTWARE.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 38273024 _____ C:\Windows\System32\config\SYSTEM.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2017-07-26 04:40 - 2017-07-26 04:40 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2017-07-26 02:55 - 2017-07-26 02:55 - 00000000 ____D C:\$Anvi Rescue Disk$
2017-07-25 22:27 - 2017-07-25 22:39 - 00000000 ____D C:\cce_linux
2017-07-25 15:46 - 2017-08-12 19:22 - 00000000 ____D C:\FRST
2017-07-20 18:29 - 2017-07-20 18:29 - 35940646 _____ C:\ControlSet001.reg
2017-07-20 07:30 - 2017-07-20 07:30 - 00000000 ____D C:\Windows\System32\config.bak
2017-07-20 07:22 - 2017-07-20 07:22 - 00000000 __SHD C:\found.000
2017-07-19 21:57 - 2016-08-23 12:10 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2017-07-19 21:57 - 2016-08-23 12:10 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2017-07-19 21:57 - 2016-08-23 12:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2017-07-19 21:57 - 2016-08-23 12:05 - 00057280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2017-07-19 21:57 - 2016-08-23 12:04 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2017-07-19 21:57 - 2016-08-23 11:51 - 00234432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00133056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-07-19 21:57 - 2016-08-23 11:49 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-07-19 21:57 - 2016-08-23 11:48 - 00026880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2017-07-19 21:57 - 2016-08-23 11:47 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-07-19 21:57 - 2016-08-23 11:45 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\terminpt.sys
2017-07-19 21:57 - 2016-08-23 11:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2017-07-19 21:57 - 2010-11-20 22:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys
2017-07-19 21:57 - 2009-07-14 02:26 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS
2017-07-19 21:57 - 2009-07-14 02:20 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2017-07-19 21:57 - 2009-07-14 02:20 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS
2017-07-19 21:57 - 2009-07-14 02:19 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2017-07-19 21:57 - 2009-07-14 02:19 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2017-07-19 21:57 - 2009-07-14 02:17 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2017-07-19 21:57 - 2009-07-14 01:57 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys
2017-07-19 21:57 - 2009-07-14 01:41 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2017-07-19 21:57 - 2009-07-14 01:17 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2017-07-19 21:57 - 2009-07-14 01:02 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2017-07-19 21:57 - 2009-07-14 01:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2017-07-19 21:57 - 2009-07-14 00:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2017-07-19 21:57 - 2009-07-14 00:54 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2017-07-19 21:57 - 2009-07-14 00:53 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2017-07-19 21:57 - 2009-07-14 00:52 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2017-07-19 21:57 - 2009-07-14 00:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2017-07-19 21:57 - 2009-07-14 00:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2017-07-19 21:57 - 2009-07-14 00:45 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2017-07-19 21:57 - 2009-07-14 00:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2017-07-19 21:57 - 2009-07-14 00:24 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys
2017-07-19 21:57 - 2009-07-14 00:23 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2017-07-19 21:57 - 2009-07-14 00:19 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2017-07-19 21:57 - 2009-07-14 00:15 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys
2017-07-19 21:57 - 2009-07-14 00:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2017-07-19 21:57 - 2009-07-14 00:11 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2017-07-19 21:57 - 2009-07-13 23:54 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys
2017-07-19 21:57 - 2009-07-13 23:53 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys
2017-07-19 21:57 - 2009-07-13 23:02 - 00118784 _____ (Intel Corporation) C:\Windows\System32\Drivers\E1G60I32.sys
2017-07-19 21:57 - 2009-07-13 21:50 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2017-07-19 21:57 - 2009-07-13 21:34 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2017-07-19 21:57 - 2009-06-10 22:39 - 00017463 _____ C:\Windows\System32\Drivers\etc\services
2017-07-19 21:57 - 2009-06-10 22:39 - 00003683 _____ C:\Windows\System32\Drivers\etc\lmhosts.sam
2017-07-19 21:57 - 2009-06-10 22:39 - 00001358 _____ C:\Windows\System32\Drivers\etc\protocol
2017-07-19 21:57 - 2009-06-10 22:39 - 00000407 _____ C:\Windows\System32\Drivers\etc\networks
2017-07-19 21:57 - 2009-06-10 22:14 - 03440660 _____ C:\Windows\System32\Drivers\gm.dls
2017-07-19 21:57 - 2009-06-10 22:14 - 00000646 _____ C:\Windows\System32\Drivers\gmreadme.txt
2017-07-19 21:50 - 2017-07-19 21:53 - 00000000 ____D C:\System32
2017-07-19 21:34 - 2017-07-19 21:34 - 00000000 ____D C:\test
2017-07-19 21:20 - 2017-07-19 20:55 - 26738688 _____ C:\Windows\System32\config\COMPONENTS..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 57933824 _____ C:\Windows\System32\config\SOFTWARE..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 38273024 _____ C:\Windows\System32\config\SYSTEM..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00524288 _____ C:\Windows\System32\config\DEFAULT..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SECURITY..bak
2017-07-19 21:20 - 2017-07-19 20:54 - 00262144 _____ C:\Windows\System32\config\SAM..bak
2017-07-19 21:20 - 2010-07-21 21:39 - 00028672 _____ C:\Windows\System32\config\BCD-Template..bak
2017-07-17 22:18 - 2017-07-17 21:14 - 07986864 _____ ( ) C:\AVG_Remover.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-11 07:31 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-08-02 08:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-08-01 20:51 - 2009-07-14 09:29 - 00000000 ____D C:\Program Files\Windows Journal
2017-08-01 20:50 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-08-01 20:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\migwiz
2017-08-01 20:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-08-01 20:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Dism
2017-07-26 04:40 - 2010-09-04 17:58 - 00000000 ____D C:\Users\Szymon\Downloads\LSoft.Active.Undelete.Enterprise.Edition.v7.1.050-Lz0
2017-07-26 04:40 - 2010-07-21 20:52 - 00000000 ____D C:\users\Szymon
2017-07-20 07:30 - 2012-09-22 21:00 - 00155146 ____H C:\treeinfo.wc
2017-07-17 22:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\drivers.bak
 
Some files in TEMP:
====================
2008-03-28 21:09 - 2008-03-28 21:09 - 0459400 ____R (Macrovision Corporation) C:\Users\Szymon\AppData\Local\Temp\_isE13.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 2%
Total physical RAM: 32421.1 MB
Available physical RAM: 31635.77 MB
Total Virtual: 32419.38 MB
Available Virtual: 31663.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:293.65 GB) (Free:18.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Data) (Fixed) (Total:1103.51 GB) (Free:369.03 GB) NTFS
Drive f: (GSP1RMCULFRER_PL_DVD) (Removable) (Total:14.44 GB) (Free:6.67 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=293.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1103.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 0C7246F3)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-06-22 18:17
 
==================== End of FRST.txt ============================


#14 JSntgRvr


Posted 12 August 2017 - 04:10 PM

Sorry, but missed this:

 

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

SOFTWARE*;SYSTEM*;DEFAULT*;SECURITY*;SAM*;winload.exe;ntoskrnl.exe;hal.dll

It then should look like:

Search: SOFTWARE*;SYSTEM*;DEFAULT*;SECURITY*;SAM*;winload.exe;ntoskrnl.exe;hal.dll

Click the Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.

 

Edited: Added more items to search.

 

===============================================================================

 

 

At the prompt type the following and press Enter:

 

BootRec.exe /FixBoot

BootRec.exe /ScanOs

 

Does it scan all disks for Windows installations and display the current OS existence?
 


Edited by JSntgRvr, 12 August 2017 - 04:27 PM.



#15 gercio


Posted 13 August 2017 - 12:52 PM

Hi,

 

The search.txt was over 1.5MB. I cut everything except locations with registry hives. I also have some zipped backups somewhere. I will run some Total Commander or something to also search in zipped files.

The bootrec shows 0 installations found.

 

 

Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by SYSTEM (13-08-2017 08:33:07)
Running from F:\
Boot Mode: Recovery
 
================== Search Files: "SOFTWARE*;SYSTEM*;DEFAULT*;SECURITY*;SAM*;winload.exe;ntoskrnl.exe;hal.dll" =============
 
<CUT>
 
C:\Windows\System32\defaultlocationcpl.dll
[2011-07-01 16:27][2010-11-20 13:18] 0220672 _____ (Microsoft Corporation) 73CB55D2E8099D24FD077C990FFE3DDB
 
C:\Windows\System32\hal.dll
[2011-07-01 16:27][2010-11-20 13:29] 0194432 _____ (Microsoft Corporation) 1BF0D4727FDB437D513CFF8A9359C050
 
C:\Windows\System32\ntoskrnl.exe
[2015-11-14 18:20][2015-10-20 01:52] 3935680 _____ (Microsoft Corporation) A860CAA340D18B2CB7B93A9C67FDDB49
 
C:\Windows\System32\samcli.dll
[2011-07-01 16:27][2010-11-20 13:21] 0051200 _____ (Microsoft Corporation) 68ECCA523ED760AAFC03C5D587569859
 
C:\Windows\System32\samlib.dll
[2009-07-14 00:37][2009-07-14 02:16] 0060928 _____ (Microsoft Corporation) C30A3E5DEEEBA22E782AC54C5AF5F352
 
C:\Windows\System32\SampleRes.dll
[2009-07-14 01:06][2009-07-14 02:09] 0002048 _____ (Microsoft Corporation) 2465A837EF42E7DAF691F962A552F47F
 
C:\Windows\System32\samsrv.dll
[2011-07-01 16:28][2010-11-20 13:21] 0551424 _____ (Microsoft Corporation) 245F4691314F42D4D1BC06442F0B2086
 
C:\Windows\System32\security.dll
[2009-07-14 00:33][2009-07-14 02:09] 0004608 _____ (Microsoft Corporation) 4F6E72B34ED3DC53DCC5E8708E60B61F
 
C:\Windows\System32\system.drv
[2009-07-13 22:41][2009-07-13 22:41] 0003360 _____ (Microsoft Corporation) 4A00D59AE6D75BDFC2C8E5182C4B1376
 
C:\Windows\System32\systemcpl.dll
[2011-07-01 16:27][2010-11-20 13:21] 0410624 _____ (Microsoft Corporation) 4AC64014668BB2B4834A66B73406AB63
 
C:\Windows\System32\systemcpl.dll.bak
[2009-07-14 00:40][2009-07-14 02:16] 0410624 _____ (Microsoft Corporation) 4EE1F86F0380EE6F57C5283D945861EA
 
C:\Windows\System32\systeminfo.exe
[2009-07-14 00:57][2009-07-14 02:14] 0075776 _____ (Microsoft Corporation) 258B2ED54FC7F74E2FDCCE5861549C1A
 
C:\Windows\System32\SystemPropertiesAdvanced.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 976D873B005E11C5F61CAE5EFCB955A1
 
C:\Windows\System32\SystemPropertiesComputerName.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) A1DD060EA542D1B53F1F145D5F0325A0
 
C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 8F1323D58A47EA912E6F954920EDE85D
 
C:\Windows\System32\SystemPropertiesHardware.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) BB1E4126282097BCDEB1419E26E453BC
 
C:\Windows\System32\SystemPropertiesPerformance.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 1969A81CA0CFAF3DC732C89B38854997
 
C:\Windows\System32\SystemPropertiesProtection.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 637C76FBF5249B75C3E3BA08FFDABF5C
 
C:\Windows\System32\SystemPropertiesRemote.exe
[2009-07-14 00:40][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) AE8D597C94F84FDDFE80747B941615CC
 
C:\Windows\System32\systemsf.ebd
[2011-07-01 16:28][2010-11-05 03:20] 0146852 _____ () B8CBB46B42570D373C9933FBDF25EBCE
 
C:\Windows\System32\winload.exe
[2015-11-14 18:18][2015-06-03 21:16] 0521384 _____ (Microsoft Corporation) 7DD3B3971D45197FA059C7CF55387BE8
 
<CUT>
 
C:\Windows\System32\config.bak\DEFAULT
[2017-07-20 07:30][2017-07-19 21:37] 0524288 _____ () D80657B81ADBA5D113E38C829161BC5B
 
C:\Windows\System32\config.bak\DEFAULT..bak
[2017-07-20 07:30][2017-07-19 20:54] 0524288 _____ () 3460542D46844472AB4BFD81B662E12D
 
C:\Windows\System32\config.bak\DEFAULT.LOG
[2017-07-20 07:30][2009-07-14 09:33] 0001024 ____H () C22D04A9C6189B8CE4F7B5608A57C108
 
C:\Windows\System32\config.bak\DEFAULT.LOG1
[2017-07-20 07:30][2017-07-19 21:37] 0012288 ____H () 50EEE02C6C327DBE32973EE2FA6411D0
 
C:\Windows\System32\config.bak\DEFAULT.LOG2
[2017-07-20 07:30][2009-07-14 03:03] 0000000 ____H () 
 
C:\Windows\System32\config.bak\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TM.blf
[2017-07-20 07:30][2017-07-19 07:41] 0065536 ___SH () 3B1A2C49E80B12F457E2FB897E10ED52
 
C:\Windows\System32\config.bak\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 3255403EB3A33A47441867095063EF01
 
C:\Windows\System32\config.bak\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config.bak\SAM
[2017-07-20 07:30][2017-07-19 21:37] 0262144 _____ () DD9B41E47322515F61E2148D3BA64B56
 
C:\Windows\System32\config.bak\SAM..bak
[2017-07-20 07:30][2017-07-19 20:54] 0262144 _____ () 9BB049A17B412814631A08867DF61343
 
C:\Windows\System32\config.bak\SAM.LOG
[2017-07-20 07:30][2009-07-14 09:33] 0001024 ____H () F39E755E40A3F8AB3C495184266F82F9
 
C:\Windows\System32\config.bak\SAM.LOG1
[2017-07-20 07:30][2017-07-19 21:37] 0029696 ____H () D735F26DEB77E72CE89E35CCD8D523D7
 
C:\Windows\System32\config.bak\SAM.LOG2
[2017-07-20 07:30][2009-07-14 03:03] 0000000 ____H () 
 
C:\Windows\System32\config.bak\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-20 07:30][2017-07-19 07:41] 0065536 ___SH () 49FB64B89D0C163E675409FFE76C8A00
 
C:\Windows\System32\config.bak\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 48C39ABE6268E6FB5FE22B952623004B
 
C:\Windows\System32\config.bak\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config.bak\SECURITY
[2017-07-20 07:30][2017-07-19 21:37] 0262144 _____ () E46A3FBCCE0D9F595A7038FD56C26182
 
C:\Windows\System32\config.bak\SECURITY..bak
[2017-07-20 07:30][2017-07-19 20:54] 0262144 _____ () 56AFE67DD405BA7BCC3767820AD02DA6
 
C:\Windows\System32\config.bak\SECURITY.LOG
[2017-07-20 07:30][2009-07-14 09:33] 0001024 ____H () 70D62700E949ED3FE4AFEFCA2C26CA6D
 
C:\Windows\System32\config.bak\SECURITY.LOG1
[2017-07-20 07:30][2017-07-19 21:37] 0021504 ____H () 66DF3873E9D5AEF7A14CC4A4DD18CD19
 
C:\Windows\System32\config.bak\SECURITY.LOG2
[2017-07-20 07:30][2009-07-14 03:03] 0000000 ____H () 
 
C:\Windows\System32\config.bak\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-20 07:30][2017-07-19 07:41] 0065536 ___SH () 1E884EEDB37541428B80244E6EE8A37A
 
C:\Windows\System32\config.bak\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 43947BA3964FB671C4A39F1B365899EA
 
C:\Windows\System32\config.bak\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config.bak\SOFTWARE
[2017-07-20 07:30][2017-07-19 21:37] 57933824 _____ () 
 
C:\Windows\System32\config.bak\SOFTWARE..bak
[2017-07-20 07:30][2017-07-19 20:54] 57933824 _____ () 
 
C:\Windows\System32\config.bak\SOFTWARE.LOG
[2017-07-20 07:30][2009-07-14 09:33] 0001024 ____H () 31085D6637B32C52602174053983C5BC
 
C:\Windows\System32\config.bak\SOFTWARE.LOG1
[2017-07-20 07:30][2017-07-19 21:37] 0018944 ____H () DD796B5D7EC5F9A67F1F9F2035977472
 
C:\Windows\System32\config.bak\SOFTWARE.LOG2
[2017-07-20 07:30][2009-07-14 03:03] 0000000 ____H () 
 
C:\Windows\System32\config.bak\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-20 07:30][2017-07-19 07:41] 0065536 ___SH () 243B63D3FAA247293EF5ED31FB582ECB
 
C:\Windows\System32\config.bak\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () B647F5D030A54593FF94FA8ECDC1798A
 
C:\Windows\System32\config.bak\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-20 07:30][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config.bak\SYSTEM
[2017-07-20 07:30][2017-07-19 21:37] 38273024 _____ () 
 
C:\Windows\System32\config.bak\SYSTEM..bak
[2017-07-20 07:30][2017-07-19 20:54] 38273024 _____ () 
 
C:\Windows\System32\config.bak\SYSTEM.LOG
[2017-07-20 07:30][2009-07-14 09:33] 0001024 ____H () D0F39A527DD3086AF74150367912809A
 
C:\Windows\System32\config.bak\SYSTEM.LOG1
[2017-07-20 07:30][2017-07-19 21:37] 9553920 ____H () DC9C7DE07279605B4BAC999EEBBDDC0D
 
C:\Windows\System32\config.bak\SYSTEM.LOG2
[2017-07-20 07:30][2009-07-14 03:03] 0008192 ____H () 6070EC3736FC2C12A1CB736E18E9C754
 
C:\Windows\System32\config.bak\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-20 07:30][2017-06-28 14:05] 0065536 ___SH () AC8954D7CEE195578598989E802BBA21
 
C:\Windows\System32\config.bak\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-20 07:30][2017-06-28 14:05] 0524288 ___SH () 4BC6DAE0B0CD861CC6545246DB11DC05
 
C:\Windows\System32\config.bak\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-20 07:30][2017-06-28 14:05] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config.bak\RegBack\DEFAULT
[2017-07-20 07:30][2017-06-22 18:18] 0270336 _____ () 1CFB92D5B30DC0D2CAF2CD885C6317A7
 
C:\Windows\System32\config.bak\RegBack\DEFAULT.LOG1
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\DEFAULT.LOG2
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SAM
[2017-07-20 07:30][2017-06-22 18:18] 0032768 _____ () 3FE25044D1CCAB3CE8E61F99749CFFDC
 
C:\Windows\System32\config.bak\RegBack\SAM.LOG1
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SAM.LOG2
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SECURITY
[2017-07-20 07:30][2017-06-22 18:17] 0024576 _____ () 2BE6846F2A8A8239FB2307A318278B58
 
C:\Windows\System32\config.bak\RegBack\SECURITY.LOG1
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SECURITY.LOG2
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SOFTWARE
[2017-07-20 07:30][2017-06-22 18:17] 63291392 _____ () 
 
C:\Windows\System32\config.bak\RegBack\SOFTWARE.LOG1
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SOFTWARE.LOG2
[2017-07-20 07:30][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config.bak\RegBack\SYSTEM
[2017-07-20 07:30][2017-06-22 18:18] 37322752 _____ () 
 
C:\Windows\System32\config.bak\RegBack\SYSTEM.LOG1
[2017-07-20 07:30][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\Windows\System32\config.bak\RegBack\SYSTEM.LOG2
[2017-07-20 07:30][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\Windows\System32\config\DEFAULT
[2009-07-14 03:03][2017-08-03 18:25] 0270336 _____ () 9C7DE4C748DE7C4EA8FA52605963B301
 
C:\Windows\System32\config\DEFAULT..bak
[2017-07-19 21:20][2017-07-19 20:54] 0524288 _____ () 3460542D46844472AB4BFD81B662E12D
 
C:\Windows\System32\config\DEFAULT.bhv
[2017-07-26 04:40][2017-07-26 04:40] 0524288 _____ () C91CDFC311E9A06D1C23DE6D76304320
 
C:\Windows\System32\config\DEFAULT.LOG
[2009-07-14 09:02][2009-07-14 09:33] 0001024 ____H () C22D04A9C6189B8CE4F7B5608A57C108
 
C:\Windows\System32\config\DEFAULT.LOG1
[2009-07-14 03:03][2017-08-03 18:47] 0020480 ___SH () 674270CDC37C0C516900C8505618B9DE
 
C:\Windows\System32\config\DEFAULT.LOG2
[2009-07-14 03:03][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TM.blf
[2017-07-19 07:41][2017-07-19 07:41] 0065536 ___SH () 3B1A2C49E80B12F457E2FB897E10ED52
 
C:\Windows\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 3255403EB3A33A47441867095063EF01
 
C:\Windows\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TM.blf
[2017-08-02 07:21][2017-08-02 07:21] 0065536 ___SH () C2C969B30F68E4E4742AABC4E317A145
 
C:\Windows\System32\config\DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
[2017-08-02 07:21][2017-08-02 07:21] 0524288 ___SH () 0C95AE763F9130E922BD0A4661FEC7D7
 
C:\Windows\System32\config\DEFAULT{b0c33050-7748-11e7-9a1c-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
[2017-08-02 07:21][2017-08-02 07:21] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\SAM
[2009-07-14 03:03][2017-08-03 18:25] 0032768 _____ () 5ED5C49E50271E16A44802ABA85AA67B
 
C:\Windows\System32\config\SAM..bak
[2017-07-19 21:20][2017-07-19 20:54] 0262144 _____ () 9BB049A17B412814631A08867DF61343
 
C:\Windows\System32\config\SAM.bhv
[2017-07-26 04:40][2017-07-26 04:40] 0262144 _____ () A0FCF2B276AC8E873AC61C1636C7C29E
 
C:\Windows\System32\config\SAM.LOG
[2009-07-14 09:02][2009-07-14 09:33] 0001024 ____H () F39E755E40A3F8AB3C495184266F82F9
 
C:\Windows\System32\config\SAM.LOG1
[2009-07-14 03:03][2017-08-03 18:47] 0020480 ___SH () 93945EDAF01DBB01EF6DC3A47452A382
 
C:\Windows\System32\config\SAM.LOG2
[2009-07-14 03:03][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 07:41][2017-07-19 07:41] 0065536 ___SH () 49FB64B89D0C163E675409FFE76C8A00
 
C:\Windows\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 48C39ABE6268E6FB5FE22B952623004B
 
C:\Windows\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\SECURITY
[2009-07-14 03:03][2017-08-03 18:25] 0024576 _____ () 7BE122F6371028B8F2DCFD75FDFA11FA
 
C:\Windows\System32\config\SECURITY..bak
[2017-07-19 21:20][2017-07-19 20:54] 0262144 _____ () 56AFE67DD405BA7BCC3767820AD02DA6
 
C:\Windows\System32\config\SECURITY.bhv
[2017-07-26 04:40][2017-07-26 04:40] 0262144 _____ () D1B7E8755145347C34E875AB8AC3999B
 
C:\Windows\System32\config\SECURITY.LOG
[2009-07-14 09:02][2009-07-14 09:33] 0001024 ____H () 70D62700E949ED3FE4AFEFCA2C26CA6D
 
C:\Windows\System32\config\SECURITY.LOG1
[2009-07-14 03:03][2017-08-03 18:47] 0005120 ___SH () 6E16E9C30073AAABE0D2D2C83BEAD1F2
 
C:\Windows\System32\config\SECURITY.LOG2
[2009-07-14 03:03][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 07:41][2017-07-19 07:41] 0065536 ___SH () 1E884EEDB37541428B80244E6EE8A37A
 
C:\Windows\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 43947BA3964FB671C4A39F1B365899EA
 
C:\Windows\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\SOFTWARE
[2009-07-14 03:03][2017-08-03 18:33] 63291392 _____ () 
 
C:\Windows\System32\config\SOFTWARE..bak
[2017-07-19 21:20][2017-07-19 20:54] 57933824 _____ () 
 
C:\Windows\System32\config\SOFTWARE.bhv
[2017-07-26 04:40][2017-07-26 04:40] 57933824 _____ () 
 
C:\Windows\System32\config\SOFTWARE.LOG
[2009-07-14 09:02][2009-07-14 09:33] 0001024 ____H () 31085D6637B32C52602174053983C5BC
 
C:\Windows\System32\config\SOFTWARE.LOG1
[2009-07-14 03:03][2017-08-13 08:31] 0032768 ___SH () 41686D8481A3B6E3F0AD24AA2871C96E
 
C:\Windows\System32\config\SOFTWARE.LOG2
[2009-07-14 03:03][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 07:41][2017-07-19 07:41] 0065536 ___SH () 243B63D3FAA247293EF5ED31FB582ECB
 
C:\Windows\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () B647F5D030A54593FF94FA8ECDC1798A
 
C:\Windows\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 07:41][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\SYSTEM
[2009-07-14 03:03][2017-08-03 18:32] 37322752 _____ () 
 
C:\Windows\System32\config\SYSTEM..bak
[2017-07-19 21:20][2017-07-19 20:54] 38273024 _____ () 
 
C:\Windows\System32\config\SYSTEM.bhv
[2017-07-26 04:40][2017-07-26 04:40] 38273024 _____ () 
 
C:\Windows\System32\config\SYSTEM.LOG
[2009-07-14 09:02][2009-07-14 09:33] 0001024 ____H () D0F39A527DD3086AF74150367912809A
 
C:\Windows\System32\config\SYSTEM.LOG1
[2009-07-14 03:03][2017-08-13 08:31] 2097152 ___SH () F3BBCFC524FF5E897D032E26C13FD621
 
C:\Windows\System32\config\SYSTEM.LOG2
[2009-07-14 03:03][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\Windows\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-06-28 14:00][2017-06-28 14:05] 0065536 ___SH () AC8954D7CEE195578598989E802BBA21
 
C:\Windows\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-06-28 14:00][2017-06-28 14:05] 0524288 ___SH () 4BC6DAE0B0CD861CC6545246DB11DC05
 
C:\Windows\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-06-28 14:00][2017-06-28 14:05] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\Windows\System32\config\RegBack\DEFAULT
[2010-07-21 20:41][2017-06-22 18:18] 0270336 _____ () 1CFB92D5B30DC0D2CAF2CD885C6317A7
 
C:\Windows\System32\config\RegBack\DEFAULT.LOG1
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\DEFAULT.LOG2
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SAM
[2010-07-21 20:41][2017-06-22 18:18] 0032768 _____ () 3FE25044D1CCAB3CE8E61F99749CFFDC
 
C:\Windows\System32\config\RegBack\SAM.LOG1
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SAM.LOG2
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SECURITY
[2010-07-21 20:41][2017-06-22 18:17] 0024576 _____ () 2BE6846F2A8A8239FB2307A318278B58
 
C:\Windows\System32\config\RegBack\SECURITY.LOG1
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SECURITY.LOG2
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SOFTWARE
[2010-07-21 20:41][2017-06-22 18:17] 63291392 _____ () 
 
C:\Windows\System32\config\RegBack\SOFTWARE.LOG1
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SOFTWARE.LOG2
[2010-07-27 21:38][2010-07-27 21:38] 0000000 ___SH () 
 
C:\Windows\System32\config\RegBack\SYSTEM
[2010-07-21 20:41][2017-06-22 18:18] 37322752 _____ () 
 
C:\Windows\System32\config\RegBack\SYSTEM.LOG1
[2010-07-27 21:38][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\Windows\System32\config\RegBack\SYSTEM.LOG2
[2010-07-27 21:38][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\Windows\System32\Boot\winload.exe
[2015-11-14 18:18][2015-06-03 21:16] 0521384 _____ (Microsoft Corporation) 7DD3B3971D45197FA059C7CF55387BE8
 
C:\Windows\system\system.drv
[2009-07-13 22:41][2009-07-13 22:41] 0003360 _____ (Microsoft Corporation) 4A00D59AE6D75BDFC2C8E5182C4B1376
 
 
C:\System32\defaultlocationcpl.dll
[2017-07-19 21:50][2010-11-20 13:18] 0220672 _____ (Microsoft Corporation) 73CB55D2E8099D24FD077C990FFE3DDB
 
C:\System32\hal.dll
[2017-07-19 21:50][2010-11-20 13:29] 0194432 _____ (Microsoft Corporation) 1BF0D4727FDB437D513CFF8A9359C050
 
C:\System32\ntoskrnl.exe
[2017-07-19 21:50][2017-05-12 19:07] 3945704 _____ (Microsoft Corporation) BECFF07257DD80EEF20904B4A2D3B319
 
C:\System32\samcli.dll
[2017-07-19 21:51][2010-11-20 13:21] 0051200 _____ (Microsoft Corporation) 68ECCA523ED760AAFC03C5D587569859
 
C:\System32\samlib.dll
[2017-07-19 21:51][2017-02-09 17:14] 0060416 _____ (Microsoft Corporation) F3E69E053D4FA762A663ED7B77A5F4DD
 
C:\System32\SampleRes.dll
[2017-07-19 21:51][2009-07-14 02:09] 0002048 _____ (Microsoft Corporation) 2465A837EF42E7DAF691F962A552F47F
 
C:\System32\samsrv.dll
[2017-07-19 21:51][2017-02-09 17:14] 0575488 _____ (Microsoft Corporation) 2B2967A22F1331DD5E6F8B1C5745F143
 
C:\System32\security.dll
[2017-07-19 21:51][2009-07-14 02:09] 0004608 _____ (Microsoft Corporation) 4F6E72B34ED3DC53DCC5E8708E60B61F
 
C:\System32\system.drv
[2017-07-19 21:51][2009-07-13 22:41] 0003360 _____ (Microsoft Corporation) 4A00D59AE6D75BDFC2C8E5182C4B1376
 
C:\System32\systemcpl.dll
[2017-07-19 21:51][2010-11-20 13:21] 0410624 _____ (Microsoft Corporation) 4AC64014668BB2B4834A66B73406AB63
 
C:\System32\systemcpl.dll.bak
[2017-07-19 21:51][2009-07-14 02:16] 0410624 _____ (Microsoft Corporation) 4EE1F86F0380EE6F57C5283D945861EA
 
C:\System32\systeminfo.exe
[2017-07-19 21:51][2009-07-14 02:14] 0075776 _____ (Microsoft Corporation) 258B2ED54FC7F74E2FDCCE5861549C1A
 
C:\System32\SystemPropertiesAdvanced.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 976D873B005E11C5F61CAE5EFCB955A1
 
C:\System32\SystemPropertiesComputerName.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) A1DD060EA542D1B53F1F145D5F0325A0
 
C:\System32\SystemPropertiesDataExecutionPrevention.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 8F1323D58A47EA912E6F954920EDE85D
 
C:\System32\SystemPropertiesHardware.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) BB1E4126282097BCDEB1419E26E453BC
 
C:\System32\SystemPropertiesPerformance.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 1969A81CA0CFAF3DC732C89B38854997
 
C:\System32\SystemPropertiesProtection.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) 637C76FBF5249B75C3E3BA08FFDABF5C
 
C:\System32\SystemPropertiesRemote.exe
[2017-07-19 21:51][2009-07-14 02:14] 0081920 _____ (Microsoft Corporation) AE8D597C94F84FDDFE80747B941615CC
 
C:\System32\systemsf.ebd
[2017-07-19 21:51][2010-11-05 03:20] 0146852 _____ () B8CBB46B42570D373C9933FBDF25EBCE
 
C:\System32\winload.exe
[2017-07-19 21:51][2016-10-08 14:05] 0534600 _____ (Microsoft Corporation) 7B125B0729DA7539CC12C3AC9CC1FA1C
 
C:\System32\winevt\Logs\Security.evtx
[2017-07-19 21:53][2017-06-24 13:16] 20975616 _____ () 1988E0DA38926DD864BE053B9C91BD6A
 
C:\System32\winevt\Logs\System.evtx
[2017-07-19 21:53][2017-06-24 13:16] 20975616 _____ () BC52E2F78B68CCE3000D0A656D22B8B3
 
C:\System32\WindowsPowerShell\v1.0\en-US\default.help.txt
[2017-07-19 21:53][2009-07-14 09:07] 0002223 _____ () E179134DDC1C768D862464D6E4A8511F
 
C:\System32\WindowsPowerShell\v1.0\en-US\System.Management.Automation.dll-Help.xml
[2017-07-19 21:53][2009-07-14 09:07] 1268150 _____ () 2170B1C7496307C0949B54A6DD6F0A54
 
C:\System32\wbem\samsrv.mof
[2017-07-19 21:53][2009-06-10 22:18] 0062541 _____ () 3A7926F427B2745D678AFCB7B37AFAF2
 
C:\System32\wbem\system.mof
[2017-07-19 21:53][2009-07-13 21:34] 0126920 _____ () C43C6B105196C5F904655B89CA0E8330
 
C:\System32\wbem\pl-PL\system.mfl
[2017-07-19 21:53][2009-07-14 09:07] 0103258 _____ () 8FC9B54147AB509DA142F29B4142CA18
 
C:\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2017-07-19 21:53][2010-07-21 20:53] 0003792 _____ () 7A5D84B49ECC723CD56ED27564191528
 
C:\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2017-07-19 21:53][2009-07-14 05:42] 0002602 _____ () 6F62E1E1A09E1B5A5DC647CD401ECC11
 
C:\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2017-07-19 21:53][2009-07-14 05:41] 0004130 _____ () FC102D35223A637D33E9426D5D95B725
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 6C9E4203C0624564FBBCC6FDC0A161BD
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013081 _____ () B1F22FA5AA289D5F7787B8615AED4B46
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016299 _____ () 4B64F9F3954978F978F44E2CE4808152
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP1-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 6B2D290A8173D09013E12F6229EB80F9
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP1-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013081 _____ () B90EA1501795280B3815A88192F25C36
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP1-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016299 _____ () 65C0EADEB3075FF0B64CFA74FAF894BF
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP2-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 9FE88A1709AD5A0C1619BD37D645084A
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP2-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013081 _____ () D9539ED5FC6A65E02BB70BFA428D469C
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP2-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016299 _____ () 6CCE13CC70691E5E260CF0EE0D31F717
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP3-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () 6FEC3CD54F9CE168C0097B0BAED4004A
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP3-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013081 _____ () BC589974C5B480F2502276DED5814535
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-NONSLP3-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016299 _____ () 044CA1443EAC86401C6B0592E91AC249
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013071 _____ () B5949CC1785DC614C38869116E26DE6C
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP-ul.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0011524 _____ () 9A7E5EBA6FABB7958C143A32A42BEE4E
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP1-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013071 _____ () 75B11036FA93751ECE64141C2BD28C64
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLP1-ul.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0011524 _____ () 17668329BC02E33817999B0DF38E4BE5
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () CA304A4B773EC7CD45C31C1B1FEC9C16
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013079 _____ () FE004E67556A919A88A035B313688D41
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016297 _____ () 2F245B565E53301E4F41570586B47391
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA1-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 05426F64F6411B7B44CF1A83F4EBC839
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA1-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013079 _____ () F97FDE9B5202EFFC26C8B6FF0E9FB1D7
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA1-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016297 _____ () EF8AFCDA674398E30C0D7465BB3682CA
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA2-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () 7200C87C95F9CF7E5F8CD9E6F2516D88
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA2-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013079 _____ () 6BE748FB713188F365B37F6ADD88EAA0
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-OEM-SLPCOA2-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016297 _____ () 1B914BC8308BD533B4134F629E16D8FC
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 2CD64DBF7E55281ECEA4CD3155A373DF
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 14130425BDCEE4D692E6E2A18814DB64
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013069 _____ () 07D5EE88D96B813660A9EF80D77B15E9
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL1-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016287 _____ () 5F49775DB3937BE7BD3481488C60B609
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL2-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () A57041A8705B70929DEE6A1971BB8BDE
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL2-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013069 _____ () 568F1ED8EF5FF4EDDD7495DD6D78AD16
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL2-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016287 _____ () 20E62DDFE50CF83D4478ED2D2A866928
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL3-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () 8B7DA580E13DDE84725705925E869A9B
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL3-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013069 _____ () 44F834F1719FC2408738A45AF5C268C7
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-RETAIL3-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016287 _____ () 9D2BAA1AE225B50F81A58B984A9D07C2
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-TIMEBASEDSUB-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013823 _____ () 95AD5AF03B0B8D464D0C37FD3EA98795
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-TIMEBASEDSUB-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013083 _____ () AFA8A08ECC53A36F8621FE96F7E97582
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013069 _____ () 56D6F229847D798BE5D4E060794E36D5
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016287 _____ () 1E43F49772223ACA67DDABC2273BA6F4
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0005278 _____ () 884E228CBB3D2A380D4964F2444EEA72
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0004116 _____ () 877957FB5FA10F4EE2A19FE79F1D988B
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013084 _____ () 588C6246412193995C66DFE13A14927B
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013011 _____ () 73520F9068D5F0E8F06F1A9A56035B58
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013307 _____ () 922138BC2CED724A747035E308126F5C
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013073 _____ () B23192A139773282A33052DFE9180DE9
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016291 _____ () 69A05E410C80E800FEC296B0E5D0C11A
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK1-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () ECE18EC24AE129EE04F3601AC2A7269F
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK1-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013073 _____ () 6242C8DCA3A381A82EBD293535A2FC47
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK1-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016291 _____ () 68F42FAAEBA6C324271202E12F4721F7
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK2-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013307 _____ () E4A77406797F52E653E74191B39741D4
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK2-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0013073 _____ () C6039A2C17D4698938C73391752B6DCF
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-DMAK2-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:34] 0016291 _____ () 114E6D34BA30EF44CEB4BB501A2A9DB5
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013563 _____ () B380182B15E51BF20FB95102EE4C81A6
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0013336 _____ () A92A394C1497256AFF543E92083913CF
 
C:\System32\spp\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms
[2017-07-19 21:53][2009-07-14 02:26] 0016554 _____ () 19EC8CAEC934EBE18FA83297BDD98DDA
 
C:\System32\spp\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms
[2017-07-19 21:53][2009-07-14 02:25] 0003074 _____ () 0C3FDE8673610F69D28FB6E033BFAFD2
 
C:\System32\spp\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms
[2017-07-19 21:53][2010-11-20 13:33] 0014794 _____ () 8A1EE79D4387775DD1B5CC5E33250DAF
 
C:\System32\spp\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
[2017-07-19 21:53][2010-11-20 13:33] 0003787 _____ () DFBBE23A1E1897D6B39D8488D17666DD
 
C:\System32\spp\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms
[2017-07-19 21:53][2009-07-14 02:25] 0003030 _____ () 85F2950D444F7CAF23E156C8EA699E23
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0013361 _____ () 29B2B5B7262270F0F1F14A4E671F76E4
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-pl.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0013361 _____ () 00F6CFECB6D8C55048E0C7264478A691
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0011880 _____ () AB16F4832B20A507CDCBFE47256F0387
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-RETAIL1-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0016402 _____ () 7D32E9D02F8123CA909A3A07DC596E32
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-oob.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0011880 _____ () 8A9896AA0341A54228B6C3473C7D1C6A
 
C:\System32\spp\tokens\channels\OCUR\Security-SPP-Component-SKU-OCUR-ul-phn.xrm-ms
[2017-07-19 21:53][2010-11-20 13:36] 0016402 _____ () 0F866D998E6F0133F54A4B955AD1E81A
 
C:\System32\pl-PL\defaultlocationcpl.dll.mui
[2017-07-19 21:53][2009-07-14 09:07] 0006144 _____ (Microsoft Corporation) AB9D713367CF76AC4E12C65D7CC13CF6
 
C:\System32\pl-PL\SampleRes.dll.mui
[2017-07-19 21:53][2009-07-14 09:07] 0003072 _____ (Microsoft Corporation) D6EE85F67042BAF434DFF4FDE73ACA04
 
C:\System32\pl-PL\samsrv.dll.mui
[2017-07-19 21:53][2017-03-09 17:31] 0079360 _____ (Microsoft Corporation) 034BC86E7B902327B7D5FDD6229683DF
 
C:\System32\pl-PL\systemcpl.dll.mui
[2017-07-19 21:53][2009-07-14 09:07] 0025600 _____ (Microsoft Corporation) 17CF3F86692906B501542B695F0E0B91
 
C:\System32\pl-PL\systeminfo.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0014848 _____ (Microsoft Corporation) C857E466DCE3834CD3A1B2D1D7E83B29
 
C:\System32\pl-PL\SystemPropertiesAdvanced.exe.mui
[2017-07-19 21:53][2010-11-20 13:55] 0002560 _____ (Microsoft Corporation) 264657B88A06D394C6DF2A15A6C5D661
 
C:\System32\pl-PL\SystemPropertiesComputerName.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002048 _____ (Microsoft Corporation) 9F05B4DA74695D4A030F117249E0C434
 
C:\System32\pl-PL\SystemPropertiesDataExecutionPrevention.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002560 _____ (Microsoft Corporation) 04BD39EA4DD7CFB48A68B50DE67323C2
 
C:\System32\pl-PL\SystemPropertiesHardware.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002048 _____ (Microsoft Corporation) 81657D94271FAD535FDEA9C747B7C235
 
C:\System32\pl-PL\SystemPropertiesPerformance.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002560 _____ (Microsoft Corporation) 6045C757DF2312F639B3C91BE4B894EE
 
C:\System32\pl-PL\SystemPropertiesProtection.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002048 _____ (Microsoft Corporation) 73952BFA7893913CAEC444F56924B28D
 
C:\System32\pl-PL\SystemPropertiesRemote.exe.mui
[2017-07-19 21:53][2009-07-14 09:07] 0002048 _____ (Microsoft Corporation) 92B27203D91BC1ADA56D07C95FB94222
 
C:\System32\migwiz\PostMigRes\Web\base_images\System.gif
[2017-07-19 21:53][2009-06-10 22:43] 0001907 _____ () 4FC0E61F9C53A8C74038430E31B88AB8
 
C:\System32\migwiz\dlmanifests\Security-Digest-DL.man
[2017-07-19 21:53][2009-06-10 22:40] 0000803 _____ () 96A1EA47C23147B0857999CD049CED2E
 
C:\System32\migwiz\dlmanifests\Security-Kerberos-DL.man
[2017-07-19 21:53][2009-06-10 22:40] 0000803 _____ () C580489B33EBC3988FDBCC38070DDC72
 
C:\System32\migwiz\dlmanifests\Security-NTLM-DL.man
[2017-07-19 21:53][2009-06-10 22:40] 0001458 _____ () CDF723CC361E061608949DC23572CCE7
 
C:\System32\en-US\SaMinDrv.dll.mui
[2017-07-19 21:53][2009-07-14 02:04] 0002560 _____ () 21B585DBD93ADD61B62B33056127EA67
 
C:\System32\DriverStore\FileRepository\wiasa002.inf_x86_neutral_d00cb75222cc8460\SaMinDrv.dll
[2017-07-19 21:53][2009-07-14 02:16] 0159232 _____ () DFF607D3809FAE24A3B62214DC685E70
 
C:\System32\config\DEFAULT
[2017-07-19 21:52][2017-07-19 21:37] 0524288 _____ () D80657B81ADBA5D113E38C829161BC5B
 
C:\System32\config\DEFAULT..bak
[2017-07-19 21:52][2017-07-19 20:54] 0524288 _____ () 3460542D46844472AB4BFD81B662E12D
 
C:\System32\config\DEFAULT.LOG
[2017-07-19 21:52][2009-07-14 09:33] 0001024 ____H () C22D04A9C6189B8CE4F7B5608A57C108
 
C:\System32\config\DEFAULT.LOG1
[2017-07-19 21:52][2017-07-19 21:37] 0012288 ____H () 50EEE02C6C327DBE32973EE2FA6411D0
 
C:\System32\config\DEFAULT.LOG2
[2017-07-19 21:52][2009-07-14 03:03] 0000000 ____H () 
 
C:\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TM.blf
[2017-07-19 21:52][2017-07-19 07:41] 0065536 ___SH () 3B1A2C49E80B12F457E2FB897E10ED52
 
C:\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 3255403EB3A33A47441867095063EF01
 
C:\System32\config\DEFAULT{99655361-6c4a-11e7-9a10-d43d7e1937f9}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\System32\config\SAM
[2017-07-19 21:52][2017-07-19 21:37] 0262144 _____ () DD9B41E47322515F61E2148D3BA64B56
 
C:\System32\config\SAM..bak
[2017-07-19 21:52][2017-07-19 20:54] 0262144 _____ () 9BB049A17B412814631A08867DF61343
 
C:\System32\config\SAM.LOG
[2017-07-19 21:52][2009-07-14 09:33] 0001024 ____H () F39E755E40A3F8AB3C495184266F82F9
 
C:\System32\config\SAM.LOG1
[2017-07-19 21:52][2017-07-19 21:37] 0029696 ____H () D735F26DEB77E72CE89E35CCD8D523D7
 
C:\System32\config\SAM.LOG2
[2017-07-19 21:52][2009-07-14 03:03] 0000000 ____H () 
 
C:\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 21:52][2017-07-19 07:41] 0065536 ___SH () 49FB64B89D0C163E675409FFE76C8A00
 
C:\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 48C39ABE6268E6FB5FE22B952623004B
 
C:\System32\config\SAM{6cced2f5-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\System32\config\SECURITY
[2017-07-19 21:52][2017-07-19 21:37] 0262144 _____ () E46A3FBCCE0D9F595A7038FD56C26182
 
C:\System32\config\SECURITY..bak
[2017-07-19 21:52][2017-07-19 20:54] 0262144 _____ () 56AFE67DD405BA7BCC3767820AD02DA6
 
C:\System32\config\SECURITY.LOG
[2017-07-19 21:52][2009-07-14 09:33] 0001024 ____H () 70D62700E949ED3FE4AFEFCA2C26CA6D
 
C:\System32\config\SECURITY.LOG1
[2017-07-19 21:52][2017-07-19 21:37] 0021504 ____H () 66DF3873E9D5AEF7A14CC4A4DD18CD19
 
C:\System32\config\SECURITY.LOG2
[2017-07-19 21:52][2009-07-14 03:03] 0000000 ____H () 
 
C:\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 21:52][2017-07-19 07:41] 0065536 ___SH () 1E884EEDB37541428B80244E6EE8A37A
 
C:\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 43947BA3964FB671C4A39F1B365899EA
 
C:\System32\config\SECURITY{6cced2f9-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\System32\config\SOFTWARE
[2017-07-19 21:52][2017-07-19 21:37] 57933824 _____ () 
 
C:\System32\config\SOFTWARE..bak
[2017-07-19 21:52][2017-07-19 20:54] 57933824 _____ () 
 
C:\System32\config\SOFTWARE.LOG
[2017-07-19 21:52][2009-07-14 09:33] 0001024 ____H () 31085D6637B32C52602174053983C5BC
 
C:\System32\config\SOFTWARE.LOG1
[2017-07-19 21:52][2017-07-19 21:37] 0018944 ____H () DD796B5D7EC5F9A67F1F9F2035977472
 
C:\System32\config\SOFTWARE.LOG2
[2017-07-19 21:52][2009-07-14 03:03] 0000000 ____H () 
 
C:\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 21:52][2017-07-19 07:41] 0065536 ___SH () 243B63D3FAA247293EF5ED31FB582ECB
 
C:\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () B647F5D030A54593FF94FA8ECDC1798A
 
C:\System32\config\SOFTWARE{6cced2fd-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 21:52][2017-07-19 07:41] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\System32\config\SYSTEM
[2017-07-19 21:52][2017-07-19 21:37] 38273024 _____ () 
 
C:\System32\config\SYSTEM..bak
[2017-07-19 21:52][2017-07-19 20:54] 38273024 _____ () 
 
C:\System32\config\SYSTEM.LOG
[2017-07-19 21:52][2009-07-14 09:33] 0001024 ____H () D0F39A527DD3086AF74150367912809A
 
C:\System32\config\SYSTEM.LOG1
[2017-07-19 21:52][2017-07-19 21:37] 9553920 ____H () DC9C7DE07279605B4BAC999EEBBDDC0D
 
C:\System32\config\SYSTEM.LOG2
[2017-07-19 21:52][2009-07-14 03:03] 0008192 ____H () 6070EC3736FC2C12A1CB736E18E9C754
 
C:\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2017-07-19 21:52][2017-06-28 14:05] 0065536 ___SH () AC8954D7CEE195578598989E802BBA21
 
C:\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2017-07-19 21:52][2017-06-28 14:05] 0524288 ___SH () 4BC6DAE0B0CD861CC6545246DB11DC05
 
C:\System32\config\SYSTEM{6cced301-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2017-07-19 21:52][2017-06-28 14:05] 0524288 ___SH () 59071590099D21DD439896592338BF95
 
C:\System32\config\RegBack\DEFAULT
[2017-07-19 21:52][2017-06-22 18:18] 0270336 _____ () 1CFB92D5B30DC0D2CAF2CD885C6317A7
 
C:\System32\config\RegBack\DEFAULT.LOG1
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\DEFAULT.LOG2
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SAM
[2017-07-19 21:52][2017-06-22 18:18] 0032768 _____ () 3FE25044D1CCAB3CE8E61F99749CFFDC
 
C:\System32\config\RegBack\SAM.LOG1
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SAM.LOG2
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SECURITY
[2017-07-19 21:52][2017-06-22 18:17] 0024576 _____ () 2BE6846F2A8A8239FB2307A318278B58
 
C:\System32\config\RegBack\SECURITY.LOG1
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SECURITY.LOG2
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SOFTWARE
[2017-07-19 21:52][2017-06-22 18:17] 63291392 _____ () 
 
C:\System32\config\RegBack\SOFTWARE.LOG1
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SOFTWARE.LOG2
[2017-07-19 21:52][2010-07-27 21:38] 0000000 ___SH () 
 
C:\System32\config\RegBack\SYSTEM
[2017-07-19 21:52][2017-06-22 18:18] 37322752 _____ () 
 
C:\System32\config\RegBack\SYSTEM.LOG1
[2017-07-19 21:52][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\System32\config\RegBack\SYSTEM.LOG2
[2017-07-19 21:52][2010-07-27 21:38] 0262144 ___SH () EC87A838931D4D5D2E94A04644788A55
 
C:\System32\Boot\winload.exe
[2017-07-19 21:51][2016-10-08 14:05] 0534600 _____ (Microsoft Corporation) 7B125B0729DA7539CC12C3AC9CC1FA1C
 
 
<CUT>
 
C:\FRST\Hives\DEFAULT
[2017-07-25 15:46][2017-07-19 21:37] 0524288 _____ () D80657B81ADBA5D113E38C829161BC5B
 
C:\FRST\Hives\SAM
[2017-07-25 15:46][2017-07-21 21:10] 0262144 _____ () 0198CC73B824827D6FCC843541ED40B2
 
C:\FRST\Hives\SECURITY
[2017-07-25 15:46][2017-07-21 21:10] 0262144 _____ () 6BDFCEA51C09828D4C7F2909FD0816F8
 
C:\FRST\Hives\SOFTWARE
[2017-07-25 15:46][2017-07-21 21:13] 57933824 _____ () 
 
C:\FRST\Hives\SYSTEM
[2017-07-25 15:46][2017-07-21 21:13] 38273024 _____ () 
 
 
 
====== End of Search ======




