
Can't open any .exe , vicious malware..


  • This topic is locked
45 replies to this topic

#1 kolz2788

kolz2788

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 20 August 2017 - 08:14 PM

Yayyyyyyyy, I got infected! I'm stumped and not sure what to do :/

I tried safe mode, but this damn virus is preventing me from opening any .exe files. Please help!




#2 kolz2788

kolz2788
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 21 August 2017 - 09:55 AM

Bump.

Correction: I can open .exe files, but I can't open Malwarebytes or any malware removal program (it seems).

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:49 AM

Posted 21 August 2017 - 03:24 PM

Welcome :)

 

Let's check for a rootkit.

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.

  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

Please do not use the computer while running this scan, as it will stall. It may look as if the scan has stopped; let it run.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 kolz2788

kolz2788
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 21 August 2017 - 04:35 PM

Hello sir, thank you for your help. I tried running MBAR and the program opened, but it said that the DDA driver was not installed. It prompted me to restart my pc, which I did. Upon rebooting the program told me that the "DDA Driver is not active. Scan can not continue."


Edited by kolz2788, 21 August 2017 - 04:37 PM.


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:49 AM

Posted 21 August 2017 - 07:12 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


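As an added example (not part of this thread, and not code from the FRST tool's author), the script below applies the kind of first-pass heuristics a malware responder uses when reading an FRST.txt: the tool's own `<==== ATTENTION` markers, services or drivers whose names are 32-character hex strings, unsigned binaries with an empty vendor field, executables running from a Temp directory, and policy restrictions on Windows Defender or Group Policy. The sample lines are copied from the log posted later in this thread; the reason labels (`frst-attention`, `random-hex-name`, and so on) are the script's own naming, not FRST's.

```python
import re

# FRST service/driver entries look like: "R2 Name; C:\path\file.exe [size date] (Vendor) [File not signed]"
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+); (.*)$")
# Service or driver names that are 32 hex characters (typical of randomly generated dropper names)
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
# Any path component named Temp/TEMP, e.g. C:\Windows\Temp\x.exe
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

# Sample lines copied from the FRST.txt posted in this thread (not constructed)
SAMPLE_LINES = [
    r"R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)",
    r"S2 bdc857bd4761501414c0fc6a88c722ad; C:\Program Files\bdc857bd4761501414c0fc6a88c722ad\c1cc79bb4c8c81fb06e932f34f3b88c9.exe [1402368 2017-08-18] () [File not signed] <==== ATTENTION",
    r"R1 114d4096a11b474304782936a4463077; C:\Windows\system32\drivers\114d4096a11b474304782936a4463077.sys [77184 2017-08-18] (36IHD8) <==== ATTENTION",
    r'S2 mediatek_86; "C:\Windows\TEMP\WS\mediatek_86.exe" [X]',
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"GroupPolicy: Restriction <==== ATTENTION",
    r"(TOSHIBA CORPORATION) C:\Windows\Temp\msftyyxsrv.exe",
    r"R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]",
]


def flag_line(line):
    """Return the list of reasons one FRST line deserves a closer look (empty if none)."""
    reasons = []
    # 1. FRST already marks entries it considers suspicious or policy-altered.
    if "<==== ATTENTION" in line:
        reasons.append("frst-attention")
    # 2. Defender policy / Group Policy restrictions are a common reason removal tools will not start.
    if "Restriction" in line and (
        r"Policies\Microsoft\Windows Defender" in line or line.startswith("GroupPolicy")
    ):
        reasons.append("policy-restriction")
    # 3. Checks that only make sense for service/driver entries.
    m = SERVICE_LINE.match(line)
    if m:
        name, rest = m.group(2), m.group(3)
        if HEX32.match(name):
            reasons.append("random-hex-name")
        # "()" is FRST's empty vendor field; combined with "[File not signed]" there is no publisher at all.
        if "[File not signed]" in rest and "()" in rest:
            reasons.append("unsigned-no-vendor")
    # 4. Persistent processes or services started from a Temp directory (any line type).
    if TEMP_DIR.search(line):
        reasons.append("runs-from-temp")
    return reasons


def triage(lines):
    """Map the index of each flagged line to its reasons; clean lines are omitted."""
    flagged = {}
    for i, line in enumerate(lines):
        reasons = flag_line(line)
        if reasons:
            flagged[i] = reasons
    return flagged


if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_LINES).items():
        print(f"{', '.join(reasons):45s} {SAMPLE_LINES[idx]}")
```

These heuristics produce leads, not verdicts: a legitimate component can trip the unsigned-no-vendor rule (the Intel ME service in the same log does), and a real infection can sit in a line that trips none of them, so the helper's reading of the whole log still decides what goes into a fix.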


#6 kolz2788

kolz2788
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 22 August 2017 - 04:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by karol (administrator) on KAROL-PC (22-08-2017 17:42:43)
Running from C:\Users\karol\Downloads
Loaded Profiles: karol (Available Profiles: karol)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\Temp\msftyyxsrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Windows\System32\PnkBstrA.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\karol\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [610152 2013-06-21] (Razer Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [1707080 2016-08-22] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\Run: [f.lux] => C:\Users\karol\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\MountPoints2: {7f4af96e-f7ec-11e1-a93a-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\MountPoints2: {c9403f86-574f-11e2-a37c-bc5ff46563c4} - E:\LaunchU3.exe -a
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-03-28]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96DEF60A-890D-44F1-A0E7-726BEF60CA76}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DD4816CF-3673-4197-8A3D-E9D482214BFB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F3D02C59-D7A9-11E2-A28B-BC5FF46563C4}
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&CUI=UN51983907518033124&UM=2&ctid=CT3294791&UP=SP1D680128-2D37-4870-B0A1-54B9F0036C7E&SSPV=
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {FF86C3EE-D47C-465A-87A4-A522117631A8} URL =
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={F3D02C59-D7A9-11E2-A28B-BC5FF46563C4}
SearchScopes: HKU\S-1-5-21-4270519728-934631989-3906202889-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={F3D02C59-D7A9-11E2-A28B-BC5FF46563C4}&crg=3.5000006.10042&st=23
SearchScopes: HKU\S-1-5-21-4270519728-934631989-3906202889-1000 -> {FF86C3EE-D47C-465A-87A4-A522117631A8} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN51983907518033124&UM=2
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-17] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-08-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-17] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-08-17] (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-20] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-22] (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-08-17] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-20] (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-04-03] (SweetIM Technologies Ltd.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2013-04-03] (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-22] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-4270519728-934631989-3906202889-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-22] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ftkxptfp.default [2017-08-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ftkxptfp.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ftkxptfp.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\ftkxptfp.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI=UN33684960976593131&UM=2&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ftkxptfp.default -> Trovi search
FF Homepage: Mozilla\Firefox\Profiles\ftkxptfp.default -> www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\ftkxptfp.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN33684960976593131&UM=2&q=
FF Extension: (AS Magic Player) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ftkxptfp.default\Extensions\magicplayer@acestream.org [2015-05-27] [not signed]
FF Extension: (Adblock Plus) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ftkxptfp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-27]
FF SearchPlugin: C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ftkxptfp.default\searchplugins\conduit.xml [2013-10-26]
FF SearchPlugin: C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ftkxptfp.default\searchplugins\trovi-search.xml [2014-06-01]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: (PasswordBox) - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF HKU\S-1-5-21-4270519728-934631989-3906202889-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2017-07-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={403EEBF9-1EE9-4E7B-B16B-68B2D681C630}&mid=619592280ae847d3810d6d16b2818a37-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=ft013&coid=avgtbdisft&pr=sa&d=2013-11-13 14:23:44&v=17.0.1.12&pid=safeguard&sg=90&sap=hp","hxxp://mysearch.avg.com?cid={403EEBF9-1EE9-4E7B-B16B-68B2D681C630}&mid=619592280ae847d3810d6d16b2818a37-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=ft013&coid=avgtbdisft&pr=sa&d=2013-11-13 14:23:44&v=17.1.2.1&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={403EEBF9-1EE9-4E7B-B16B-68B2D681C630}&mid=619592280ae847d3810d6d16b2818a37-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-05 17:00:28&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={403EEBF9-1EE9-4E7B-B16B-68B2D681C630}&mid=619592280ae847d3810d6d16b2818a37-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-06 06:38:57&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxps://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFdg5dBQxFQxgWdwgLTA1DR1cOIQhaAhRHEgEVeVoMUA9IE1QFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg==","hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://jddmnkdeojnommcapgiojabnpecbpage/newtab/newtab.html", Not-active:"chrome-extension://bckfgjjcdgcgnhameacibhldbahddkoj/redirect.html"
CHR Profile: C:\Users\karol\AppData\Local\Google\Chrome\User Data\Backup default [2017-08-20]
CHR Extension: (Google Drive) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (Adblock Plus) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-03]
CHR Profile: C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default [2017-08-22]
CHR Extension: (Google Slides) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-11]
CHR Extension: (Google Docs) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-11]
CHR Extension: (Google Drive) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Newtab-TV) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckfgjjcdgcgnhameacibhldbahddkoj [2017-08-20]
CHR Extension: (YouTube) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-08-10]
CHR Extension: (Adblock Plus) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-19]
CHR Extension: (Google Search) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Default) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobpeabjjohccnmhaddcingpmafhiaob [2017-08-20]
CHR Extension: (Google Sheets) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-11]
CHR Extension: (Google Docs Offline) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Screen Addict) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmnkdeojnommcapgiojabnpecbpage [2017-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKU\S-1-5-21-4270519728-934631989-3906202889-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\karol\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\karol\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx <not found>
StartMenuInternet: Google Chrome.PYQ4RX5BUMXT4HWUNF7AJHVA4I - C:\Users\karol\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 bdc857bd4761501414c0fc6a88c722ad; C:\Program Files\bdc857bd4761501414c0fc6a88c722ad\c1cc79bb4c8c81fb06e932f34f3b88c9.exe [1402368 2017-08-18] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-10] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-03] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-09-03] (Electronic Arts)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-09-26] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-09-25] ()
R2 vToolbarUpdater19.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.5.0\ToolbarUpdater.exe [1277512 2016-08-22] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 mediatek_86; "C:\Windows\TEMP\WS\mediatek_86.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 114d4096a11b474304782936a4463077; C:\Windows\system32\drivers\114d4096a11b474304782936a4463077.sys [77184 2017-08-18] (36IHD8) <==== ATTENTION
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-01] (Disc Soft Ltd)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-20] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-20] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-20] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [194776 2017-08-21] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2013-06-06] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2013-06-06] (Razer Inc)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2017-08-22] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-22 17:42 - 2017-08-22 17:43 - 000029062 _____ C:\Users\karol\Downloads\FRST.txt
2017-08-22 17:42 - 2017-08-22 17:42 - 002395648 _____ (Farbar) C:\Users\karol\Downloads\FRST64.exe
2017-08-22 17:42 - 2017-08-22 17:42 - 000000000 ____D C:\FRST
2017-08-22 17:39 - 2017-08-22 17:39 - 000000000 ____D C:\Users\karol\AppData\LocalLow\Mozilla
2017-08-21 19:07 - 2017-08-22 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-21 17:30 - 2017-08-21 17:35 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-21 17:28 - 2017-08-21 17:28 - 016564750 _____ (Malwarebytes Corp.) C:\Users\karol\Downloads\mbar-1.09.4.1001(2).exe
2017-08-21 17:26 - 2017-08-21 17:26 - 000000000 ____D C:\Windows\Trend Micro
2017-08-21 17:26 - 2017-08-21 17:26 - 000000000 ____D C:\Users\karol\AppData\Local\Trend Micro
2017-08-21 17:26 - 2017-08-21 17:26 - 000000000 ____D C:\ProgramData\Trend Micro
2017-08-21 17:24 - 2017-08-21 17:24 - 002527376 _____ (Trend Micro Inc.) C:\Users\karol\Downloads\HousecallLauncher64.exe
2017-08-21 17:24 - 2017-08-21 17:24 - 000000036 _____ C:\Users\karol\AppData\Local\housecall.guid.cache
2017-08-21 17:24 - 2016-08-22 15:20 - 000332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-08-20 21:31 - 2017-08-20 21:31 - 016564750 _____ (Malwarebytes Corp.) C:\Users\karol\Downloads\mbar-1.09.4.1001(1).exe
2017-08-20 21:05 - 2017-08-22 17:37 - 000094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2017-08-20 20:59 - 2017-08-20 20:59 - 000000000 ____D C:\Users\karol\Desktop\l
2017-08-20 20:58 - 2017-08-21 17:47 - 000000000 ____D C:\Users\karol\Desktop\mbar
2017-08-20 20:58 - 2017-08-20 20:58 - 016564750 _____ (Malwarebytes Corp.) C:\Users\karol\Downloads\mbar-1.09.4.1001.exe
2017-08-20 20:52 - 2017-08-20 20:52 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\karol\Downloads\Unconfirmed 81066.crdownload
2017-08-20 20:48 - 2017-08-20 20:48 - 000110534 _____ C:\Windows\ntbtlog.txt
2017-08-20 20:45 - 2017-08-20 20:45 - 016563352 _____ (Malwarebytes Corp.) C:\Users\karol\Downloads\mbar-1.09.3.1001.exe
2017-08-20 20:42 - 2017-08-20 20:42 - 005659788 _____ (Swearware) C:\Users\karol\Downloads\ComboFix.exe
2017-08-20 20:41 - 2017-08-20 20:41 - 008185288 _____ (Malwarebytes) C:\Users\karol\Downloads\adwcleaner_7.0.1.0.exe
2017-08-20 20:37 - 2017-08-20 20:37 - 000953288 _____ (Malwarebytes) C:\Users\karol\Downloads\mb-clean-3.1.0.1023.exe
2017-08-20 20:21 - 2017-08-20 20:21 - 000000000 ____D C:\Program Files\nisscak
2017-08-20 20:20 - 2017-08-20 20:20 - 000000000 ____D C:\Program Files\regtool
2017-08-20 20:18 - 2017-08-21 17:46 - 000194776 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-20 20:18 - 2017-08-20 20:31 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-20 20:18 - 2017-08-20 20:18 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-20 20:18 - 2017-08-20 20:18 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-20 20:18 - 2017-08-20 20:18 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-20 20:18 - 2017-08-20 20:18 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-20 20:18 - 2017-08-20 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-20 20:18 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-20 20:17 - 2017-08-20 20:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-20 20:17 - 2017-08-20 20:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-20 20:16 - 2017-08-20 20:17 - 065033984 _____ (Malwarebytes ) C:\Users\karol\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-20 20:07 - 2017-08-20 20:07 - 000406488 _____ C:\Windows\Minidump\082017-18564-01.dmp
2017-08-20 20:05 - 2017-08-20 20:22 - 000000000 ___HD C:\Program Files (x86)\Forint
2017-08-20 20:05 - 2017-08-20 20:19 - 000000000 ____D C:\Program Files (x86)\Celebratory
2017-08-20 20:05 - 2017-08-20 20:07 - 000000000 ____D C:\Program Files (x86)\s5
2017-08-20 20:05 - 2017-08-20 20:05 - 000003802 _____ C:\Windows\System32\Tasks\43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003798 _____ C:\Windows\System32\Tasks\k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003796 _____ C:\Windows\System32\Tasks\71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003790 _____ C:\Windows\System32\Tasks\80754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000003644 _____ C:\Windows\System32\Tasks\ga4343012243430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\gak71863414k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\ga7186341471863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003632 _____ C:\Windows\System32\Tasks\ga8075465180754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000000020 _____ C:\Windows\b43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ___HD C:\Program Files (x86)\belated
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\system32\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Roaming\et
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Local\ztmeajk
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Program Files (x86)\slocum
2017-08-20 20:04 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-20 20:04 - 2017-08-20 20:04 - 000031411 _____ C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1
2017-08-20 20:04 - 2017-08-20 20:04 - 000003474 _____ C:\Windows\System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9
2017-08-20 20:04 - 2017-08-20 20:04 - 000003158 _____ C:\Windows\System32\Tasks\bdc857bd4761501414c0fc6a88c722ad
2017-08-20 20:04 - 2017-08-20 20:04 - 000000000 ____D C:\Program Files\bdc857bd4761501414c0fc6a88c722ad
2017-08-20 19:59 - 2017-08-20 19:59 - 001859966 _____ C:\HEADERS
2017-08-20 19:59 - 2017-08-20 19:59 - 000003072 _____ C:\Users\karol\AppData\Local\uninstallce.exe
2017-08-20 19:58 - 2017-08-20 20:07 - 000000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-08-20 19:58 - 2017-08-20 19:59 - 000000000 ____D C:\Users\karol\AppData\Roaming\AGData
2017-08-20 19:58 - 2017-08-20 19:59 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2017-08-20 19:58 - 2017-08-20 19:58 - 003643392 _____ C:\Users\karol\Downloads\Windows Loader 3.1 [DazTeam].iso
2017-08-20 19:50 - 2010-09-05 15:30 - 000000000 ____D C:\Users\karol\Desktop\Remove WAT v2.2.5.2 - Windows 7 Activation
2017-08-20 19:47 - 2017-08-20 19:47 - 000000600 _____ C:\Users\karol\AppData\Roaming\winscp.rnd
2017-08-20 19:28 - 2017-08-20 19:30 - 001115980 _____ C:\Users\karol\Desktop\IMG_1018.JPG (2).jpeg
2017-08-20 19:28 - 2017-08-20 19:28 - 002547928 _____ C:\Users\karol\Downloads\IMG_1018.JPG (1).jpeg
2017-08-20 14:11 - 2017-08-20 14:11 - 002547928 _____ C:\Users\karol\Downloads\IMG_1018.JPG.jpeg
2017-08-20 10:10 - 2017-08-20 10:10 - 000011264 _____ (Carlyle) C:\Windows\sikh.exe
2017-08-18 04:38 - 2017-08-18 04:38 - 001721344 _____ C:\Windows\c95d0b959afde9d6ad0b6bc6c8f1e2cf.exe
2017-08-18 04:38 - 2017-08-18 04:38 - 000077184 _____ (36IHD8) C:\Windows\system32\Drivers\114d4096a11b474304782936a4463077.sys
2017-08-18 04:38 - 2017-08-18 04:38 - 000037168 _____ C:\Windows\uninstaller.dat
2017-08-06 14:11 - 2017-08-06 14:11 - 000218876 _____ C:\Users\karol\Desktop\halina_resume.pdf
2017-07-30 11:18 - 2017-08-20 19:49 - 000000000 ____D C:\Users\karol\Documents\BitLord
2017-07-30 11:18 - 2017-07-30 11:18 - 000001805 _____ C:\Users\karol\Desktop\Spotify.lnk
2017-07-30 11:18 - 2017-07-30 11:18 - 000001791 _____ C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-07-30 11:18 - 2017-07-30 11:18 - 000000000 ____D C:\Users\karol\AppData\Local\BitLord
2017-07-30 11:18 - 2017-07-30 11:18 - 000000000 ____D C:\Users\karol\.QtWebEngineProcess
2017-07-30 11:18 - 2017-07-30 11:18 - 000000000 ____D C:\Users\karol\.BitLord
2017-07-30 11:18 - 2017-07-30 11:18 - 000000000 ____D C:\Program Files (x86)\BitLord
2017-07-30 10:53 - 2017-07-30 10:53 - 001618337 _____ ( ) C:\Users\karol\Downloads\BitlordSetup_VLvQx7_2449410681.exe
2017-07-30 10:53 - 2017-07-30 10:53 - 000676560 _____ (Spotify Ltd) C:\Users\karol\Downloads\SpotifySetup.exe
2017-07-28 22:05 - 2017-07-28 22:05 - 000000000 ____D C:\Users\TEMP\AppData\Local\Apple
2017-07-28 21:57 - 2017-07-28 21:57 - 000000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2017-07-28 21:56 - 2017-07-28 21:56 - 000000000 ____D C:\Users\Default\AppData\Local\NVIDIA Corporation
2017-07-28 21:56 - 2017-07-28 21:56 - 000000000 ____D C:\Users\Default\AppData\Local\CEF
2017-07-28 21:56 - 2017-07-28 21:56 - 000000000 ____D C:\Users\Default User\AppData\Local\NVIDIA Corporation
2017-07-28 21:56 - 2017-07-28 21:56 - 000000000 ____D C:\Users\Default User\AppData\Local\CEF
2017-07-28 21:55 - 2017-07-30 10:07 - 000000000 ____D C:\Users\TEMP
2017-07-28 21:55 - 2017-07-28 21:55 - 000000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2017-07-28 21:55 - 2017-07-28 21:55 - 000000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2017-07-28 21:55 - 2014-09-10 20:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2017-07-28 21:55 - 2014-09-01 00:20 - 000000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2017-07-28 21:55 - 2009-07-14 03:45 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-22 17:41 - 2009-07-14 01:13 - 000784588 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-22 17:41 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-22 17:39 - 2012-09-06 00:08 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-22 17:39 - 2009-07-13 22:34 - 024379392 _____ C:\Windows\system32\config\HARDWARE
2017-08-22 17:37 - 2014-03-05 20:30 - 000003112 _____ C:\Windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job
2017-08-22 17:37 - 2014-03-05 20:30 - 000002592 _____ C:\Windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job
2017-08-22 17:37 - 2014-03-05 20:30 - 000001538 _____ C:\Windows\Tasks\HQ-Video-Pro-1.4-updater.job
2017-08-22 17:37 - 2014-03-05 20:30 - 000001494 _____ C:\Windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job
2017-08-22 17:37 - 2014-03-05 20:30 - 000001392 _____ C:\Windows\Tasks\HQ-Video-Pro-1.4-enabler.job
2017-08-22 17:37 - 2012-09-05 23:50 - 000034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2017-08-22 17:37 - 2012-09-05 23:49 - 000000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-08-22 17:37 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-20 21:32 - 2017-04-14 01:57 - 000000000 ____D C:\Users\karol\Desktop\969.37
2017-08-20 21:03 - 2012-11-17 14:01 - 000000000 ____D C:\Windows\pss
2017-08-20 20:56 - 2015-07-27 23:08 - 000000000 ____D C:\Users\karol\AppData\Local\ElevatedDiagnostics
2017-08-20 20:07 - 2016-12-19 11:23 - 000000000 ____D C:\Windows\Minidump
2017-08-20 20:03 - 2014-01-31 22:43 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-20 20:01 - 2012-09-07 12:53 - 014790585 _____ C:\IFRToolLog.txt
2017-08-20 19:59 - 2013-10-26 12:17 - 000000002 _____ C:\END
2017-08-20 19:54 - 2012-09-05 10:28 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2017-08-20 19:54 - 2009-07-14 00:45 - 000014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-20 19:54 - 2009-07-14 00:45 - 000014512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-20 19:45 - 2014-03-05 20:29 - 000000000 ____D C:\Users\karol\AppData\Roaming\DAEMON Tools Lite
2017-08-20 19:42 - 2015-05-12 18:41 - 000000000 ____D C:\Users\karol\AppData\Roaming\uTorrent
2017-08-20 19:42 - 2012-09-08 21:39 - 000000000 ____D C:\Users\karol\AppData\Local\CrashDumps
2017-08-20 10:30 - 2017-04-23 21:20 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-08-19 12:22 - 2012-09-05 23:49 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-08-19 09:42 - 2017-07-22 18:38 - 000000000 ____D C:\Users\karol\AppData\Roaming\Spotify
2017-08-17 18:46 - 2017-07-22 18:38 - 000000000 ____D C:\Users\karol\AppData\Local\Spotify
2017-08-17 17:40 - 2017-04-23 21:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-17 17:40 - 2013-12-25 21:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-17 17:27 - 2015-04-11 12:32 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 17:27 - 2015-04-11 12:32 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-14 17:24 - 2016-05-27 16:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 17:05 - 2014-12-26 11:53 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 17:25 - 2014-02-08 17:41 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-09 17:25 - 2014-02-08 17:41 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-09 17:25 - 2014-02-08 17:41 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-09 17:25 - 2012-09-12 21:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-09 17:25 - 2012-09-12 21:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-30 11:19 - 2012-09-06 01:12 - 000000000 ____D C:\Users\karol\AppData\Roaming\BitLord
2017-07-30 11:18 - 2013-10-29 14:47 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-30 11:18 - 2012-09-06 01:18 - 000001865 _____ C:\Users\karol\Desktop\bitlord.lnk
2017-07-30 11:18 - 2012-09-06 01:18 - 000000000 ____D C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
2017-07-30 11:18 - 2012-09-05 23:41 - 000000000 ____D C:\Users\karol
2017-07-30 10:07 - 2017-04-23 21:14 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-07-30 10:07 - 2015-03-28 11:59 - 000000000 ____D C:\Users\karol\AppData\Roaming\TP-LINK
2017-07-30 10:07 - 2013-11-21 19:41 - 000000000 ____D C:\Program Files (x86)\PasswordBox
2017-07-30 10:07 - 2013-09-03 16:48 - 000000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2017-07-30 10:07 - 2013-07-22 17:33 - 000000000 ____D C:\ProgramData\Razer
2017-07-30 10:07 - 2013-07-22 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-07-30 10:07 - 2009-07-14 03:45 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-07-30 10:07 - 2009-07-14 01:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2017-07-30 10:07 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2017-07-30 10:07 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\AppCompat

==================== Files in the root of some directories =======

2014-03-02 21:15 - 2014-06-24 21:42 - 000000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-09-06 01:12 - 2012-09-06 01:12 - 000000000 _____ () C:\Users\karol\AppData\Roaming\bitlord_log.txt
2017-08-20 19:47 - 2017-08-20 19:47 - 000000600 _____ () C:\Users\karol\AppData\Roaming\winscp.rnd
2017-08-21 17:24 - 2017-08-21 17:24 - 000000036 _____ () C:\Users\karol\AppData\Local\housecall.guid.cache
2016-08-06 17:47 - 2016-08-06 17:47 - 000000218 _____ () C:\Users\karol\AppData\Local\recently-used.xbel
2017-08-20 19:59 - 2017-08-20 19:59 - 000003072 _____ () C:\Users\karol\AppData\Local\uninstallce.exe
2012-11-12 11:51 - 2012-11-12 11:53 - 000000822 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-08-20 19:59 - 2017-08-20 19:59 - 001859966 _____ () C:\Users\karol\AppData\Local\Temp\FullVersion.exe
2017-08-20 19:58 - 2017-08-20 19:58 - 000061440 _____ (The Gentee Group) C:\Users\karol\AppData\Local\Temp\genteert.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 18:10

==================== End of FRST.txt ============================



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,195 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:49 AM

Posted 22 August 2017 - 06:35 PM

  • Highlight the entire content of the quote box below.

Start::
HKLM-x32\...\Run: [] => [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 mediatek_86; "C:\Windows\TEMP\WS\mediatek_86.exe" [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
S2 bdc857bd4761501414c0fc6a88c722ad; C:\Program Files\bdc857bd4761501414c0fc6a88c722ad\c1cc79bb4c8c81fb06e932f34f3b88c9.exe [1402368 2017-08-18] () [File not signed] <==== ATTENTION
R1 114d4096a11b474304782936a4463077; C:\Windows\system32\drivers\114d4096a11b474304782936a4463077.sys [77184 2017-08-18] (36IHD8) <==== ATTENTION
Task: {3F805E44-30E3-440B-A459-2FB9F7EDAC2F} - System32\Tasks\HQ-Video-Pro-1.4-codedownloader => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-codedownloader.exe <==== ATTENTION
Task: {54581C81-5C55-4508-9E6D-2A3046C13212} - System32\Tasks\71863414 => C:\Program Files (x86)\Forint\carlyle.exe <==== ATTENTION
Task: {746CA226-30A3-4FC4-8FFF-31C28DC416E3} - System32\Tasks\80754651 => C:\Users\karol\AppData\Local\carlyle.exe <==== ATTENTION
Task: {853E66A1-4AA3-4331-8A92-C244D3794188} - System32\Tasks\HQ-Video-Pro-1.4-chromeinstaller => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-chromeinstaller.exe <==== ATTENTION
Task: {AA90AE55-191B-4627-84B9-CDA568D196B0} - System32\Tasks\HQ-Video-Pro-1.4-updater => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-updater.exe <==== ATTENTION
Task: {C1D853E6-FFD9-4C01-A39D-5150770499FB} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {C3749191-1665-4AA9-8155-C1D82B392E8D} - System32\Tasks\43430122 => C:\Program Files (x86)\Celebratory\carlyle.exe <==== ATTENTION
Task: {E649A16C-4070-4FCB-BE55-F742C72C7F45} - System32\Tasks\HQ-Video-Pro-1.4-enabler => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-enabler.exe <==== ATTENTION
Task: {EDDF48B4-C507-4271-A60B-F15EA4748792} - System32\Tasks\bdc857bd4761501414c0fc6a88c722ad => sc start bdc857bd4761501414c0fc6a88c722ad <==== ATTENTION
Task: {F29044B4-68E4-4E99-B7E7-AA6AD2C0C812} - System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1" <==== ATTENTION
Task: {FA56050C-4767-4F93-BA8C-1215A39236EE} - System32\Tasks\HQ-Video-Pro-1.4-firefoxinstaller => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-codedownloader.exe?/reinstallapp /runfrom=task /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-enabler.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-enabler.exe?/enablebho /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110511291120 /defbro=ch /useiepol /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-firefoxinstaller.exe?/installxpi /agentregpath='HQ-Video-Pro-1.4' /extensionfilepath C:\Program Files (x86)\HQ-Video-Pro-1.4\52920.xpi' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=f6b78e05-0819-4914-a9b1-53baf8fa3cd8@5f1a7616-ab87-4cb2-b56e-1218d848ce49.com /extensionversion=0.93 /prefsbranch=af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/52920.rdf /extensionname='HQ-Video-Pro-1.4' /extensiondesc='HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.' /publishername='HQ-Video' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-updater.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-updater.exe?/runupdater /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.mstatsserv.com /autoupdateulr='hxxp:/update.srvstatsdata.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-4270519728-934631989-3906202889-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
2017-08-20 19:59 - 2017-08-20 19:59 - 001859966 _____ () C:\Users\karol\AppData\Local\Temp\FullVersion.exe
2017-08-20 19:58 - 2017-08-20 19:58 - 000061440 _____ (The Gentee Group) C:\Users\karol\AppData\Local\Temp\genteert.dll
FirewallRules: [{D57E05D9-7728-40A4-ACAD-14D51C145B15}] => (Allow) C:\Users\karol\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{CA5EE546-A8BC-40BC-A7C4-A1EC7B8C08B0}] => (Allow) C:\Users\karol\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2014-03-02 21:15 - 2014-06-24 21:42 - 000000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-09-06 01:12 - 2012-09-06 01:12 - 000000000 _____ () C:\Users\karol\AppData\Roaming\bitlord_log.txt
2017-08-20 19:47 - 2017-08-20 19:47 - 000000600 _____ () C:\Users\karol\AppData\Roaming\winscp.rnd
2017-08-21 17:24 - 2017-08-21 17:24 - 000000036 _____ () C:\Users\karol\AppData\Local\housecall.guid.cache
2016-08-06 17:47 - 2016-08-06 17:47 - 000000218 _____ () C:\Users\karol\AppData\Local\recently-used.xbel
2017-08-20 19:59 - 2017-08-20 19:59 - 000003072 _____ () C:\Users\karol\AppData\Local\uninstallce.exe
2012-11-12 11:51 - 2012-11-12 11:53 - 000000822 _____ () C:\ProgramData\hpzinstall.log
2017-08-20 20:05 - 2017-08-20 20:05 - 000003802 _____ C:\Windows\System32\Tasks\43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003798 _____ C:\Windows\System32\Tasks\k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003796 _____ C:\Windows\System32\Tasks\71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003790 _____ C:\Windows\System32\Tasks\80754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000003644 _____ C:\Windows\System32\Tasks\ga4343012243430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\gak71863414k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\ga7186341471863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003632 _____ C:\Windows\System32\Tasks\ga8075465180754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000000020 _____ C:\Windows\b43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ___HD C:\Program Files (x86)\belated
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\system32\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Roaming\et
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Local\ztmeajk
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Program Files (x86)\slocum
2017-08-20 20:04 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-20 20:04 - 2017-08-20 20:04 - 000031411 _____ C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1
2017-08-20 20:04 - 2017-08-20 20:04 - 000003474 _____ C:\Windows\System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9
2017-08-20 20:04 - 2017-08-20 20:04 - 000003158 _____ C:\Windows\System32\Tasks\bdc857bd4761501414c0fc6a88c722ad
2017-08-20 20:04 - 2017-08-20 20:04 - 000000000 ____D C:\Program Files\bdc857bd4761501414c0fc6a88c722ad
C:\Program Files (x86)\Forint
2017-08-20 20:05 - 2017-08-20 20:19 - 000000000 ____D C:\Program Files (x86)\Celebratory
2017-08-20 20:05 - 2017-08-20 20:07 - 000000000 ____D C:\Program Files (x86)\s5
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. (FRST will process the contents of the clipboard that you copied earlier automatically)
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 kolz2788

kolz2788
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 24 August 2017 - 05:26 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by karol (24-08-2017 17:28:53) Run:3
Running from C:\Users\karol\Downloads
Loaded Profiles: karol (Available Profiles: karol)
Boot Mode: Normal
==============================================

fixlist content:
*****************

HKLM-x32\...\Run: [] => [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 mediatek_86; "C:\Windows\TEMP\WS\mediatek_86.exe" [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
S2 bdc857bd4761501414c0fc6a88c722ad; C:\Program Files\bdc857bd4761501414c0fc6a88c722ad\c1cc79bb4c8c81fb06e932f34f3b88c9.exe [1402368 2017-08-18] () [File not signed] <==== ATTENTION
R1 114d4096a11b474304782936a4463077; C:\Windows\system32\drivers\114d4096a11b474304782936a4463077.sys [77184 2017-08-18] (36IHD8) <==== ATTENTION
Task: {3F805E44-30E3-440B-A459-2FB9F7EDAC2F} - System32\Tasks\HQ-Video-Pro-1.4-codedownloader => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-codedownloader.exe <==== ATTENTION
Task: {54581C81-5C55-4508-9E6D-2A3046C13212} - System32\Tasks\71863414 => C:\Program Files (x86)\Forint\carlyle.exe <==== ATTENTION
Task: {746CA226-30A3-4FC4-8FFF-31C28DC416E3} - System32\Tasks\80754651 => C:\Users\karol\AppData\Local\carlyle.exe <==== ATTENTION
Task: {853E66A1-4AA3-4331-8A92-C244D3794188} - System32\Tasks\HQ-Video-Pro-1.4-chromeinstaller => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-chromeinstaller.exe <==== ATTENTION
Task: {AA90AE55-191B-4627-84B9-CDA568D196B0} - System32\Tasks\HQ-Video-Pro-1.4-updater => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-updater.exe <==== ATTENTION
Task: {C1D853E6-FFD9-4C01-A39D-5150770499FB} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {C3749191-1665-4AA9-8155-C1D82B392E8D} - System32\Tasks\43430122 => C:\Program Files (x86)\Celebratory\carlyle.exe <==== ATTENTION
Task: {E649A16C-4070-4FCB-BE55-F742C72C7F45} - System32\Tasks\HQ-Video-Pro-1.4-enabler => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-enabler.exe <==== ATTENTION
Task: {EDDF48B4-C507-4271-A60B-F15EA4748792} - System32\Tasks\bdc857bd4761501414c0fc6a88c722ad => sc start bdc857bd4761501414c0fc6a88c722ad <==== ATTENTION
Task: {F29044B4-68E4-4E99-B7E7-AA6AD2C0C812} - System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1" <==== ATTENTION
Task: {FA56050C-4767-4F93-BA8C-1215A39236EE} - System32\Tasks\HQ-Video-Pro-1.4-firefoxinstaller => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-codedownloader.exe?/reinstallapp /runfrom=task /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-enabler.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-enabler.exe?/enablebho /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110511291120 /defbro=ch /useiepol /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_enable_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-firefoxinstaller.exe?/installxpi /agentregpath='HQ-Video-Pro-1.4' /extensionfilepath C:\Program Files (x86)\HQ-Video-Pro-1.4\52920.xpi' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=f6b78e05-0819-4914-a9b1-53baf8fa3cd8@5f1a7616-ab87-4cb2-b56e-1218d848ce49.com /extensionversion=0.93 /prefsbranch=af6b78e0508194914a9b153baf8fa3cd85f1a7616ab874cb2b56e1218d848ce49com52920 /updateurl=hxxps:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/52920.rdf /extensionname='HQ-Video-Pro-1.4' /extensiondesc='HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.' /publishername='HQ-Video' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Pro-1.4-updater.job => C:\Program Files (x86)\HQ-Video-Pro-1.4\HQ-Video-Pro-1.4-updater.exe?/runupdater /agentregpath='HQ-Video-Pro-1.4' /appid=52920 /srcid='001176' /subid='0' /zdata='0' /bic=73D9F8BC2F014FA5BA0588F83D5D7576IE /verifier=e8abbb80427a573c4e403fa91e7c6f42 /installerversion=1_34_2_13 /installationtime=1394065826 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.mstatsserv.com /autoupdateulr='hxxp:/update.srvstatsdata.com/updater_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-4270519728-934631989-3906202889-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
2017-08-20 19:59 - 2017-08-20 19:59 - 001859966 _____ () C:\Users\karol\AppData\Local\Temp\FullVersion.exe
2017-08-20 19:58 - 2017-08-20 19:58 - 000061440 _____ (The Gentee Group) C:\Users\karol\AppData\Local\Temp\genteert.dll
FirewallRules: [{D57E05D9-7728-40A4-ACAD-14D51C145B15}] => (Allow) C:\Users\karol\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe
FirewallRules: [{CA5EE546-A8BC-40BC-A7C4-A1EC7B8C08B0}] => (Allow) C:\Users\karol\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
2014-03-02 21:15 - 2014-06-24 21:42 - 000000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2012-09-06 01:12 - 2012-09-06 01:12 - 000000000 _____ () C:\Users\karol\AppData\Roaming\bitlord_log.txt
2017-08-20 19:47 - 2017-08-20 19:47 - 000000600 _____ () C:\Users\karol\AppData\Roaming\winscp.rnd
2017-08-21 17:24 - 2017-08-21 17:24 - 000000036 _____ () C:\Users\karol\AppData\Local\housecall.guid.cache
2016-08-06 17:47 - 2016-08-06 17:47 - 000000218 _____ () C:\Users\karol\AppData\Local\recently-used.xbel
2017-08-20 19:59 - 2017-08-20 19:59 - 000003072 _____ () C:\Users\karol\AppData\Local\uninstallce.exe
2012-11-12 11:51 - 2012-11-12 11:53 - 000000822 _____ () C:\ProgramData\hpzinstall.log
2017-08-20 20:05 - 2017-08-20 20:05 - 000003802 _____ C:\Windows\System32\Tasks\43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003798 _____ C:\Windows\System32\Tasks\k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003796 _____ C:\Windows\System32\Tasks\71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003790 _____ C:\Windows\System32\Tasks\80754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000003644 _____ C:\Windows\System32\Tasks\ga4343012243430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\gak71863414k71863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003634 _____ C:\Windows\System32\Tasks\ga7186341471863414
2017-08-20 20:05 - 2017-08-20 20:05 - 000003632 _____ C:\Windows\System32\Tasks\ga8075465180754651
2017-08-20 20:05 - 2017-08-20 20:05 - 000000020 _____ C:\Windows\b43430122
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ___HD C:\Program Files (x86)\belated
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\system32\vmahfwn
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Roaming\et
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Users\karol\AppData\Local\ztmeajk
2017-08-20 20:05 - 2017-08-20 20:05 - 000000000 ____D C:\Program Files (x86)\slocum
2017-08-20 20:04 - 2017-08-20 20:05 - 000000000 ____D C:\Windows\SysWOW64\SSL
2017-08-20 20:04 - 2017-08-20 20:04 - 000031411 _____ C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1
2017-08-20 20:04 - 2017-08-20 20:04 - 000003474 _____ C:\Windows\System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9
2017-08-20 20:04 - 2017-08-20 20:04 - 000003158 _____ C:\Windows\System32\Tasks\bdc857bd4761501414c0fc6a88c722ad
2017-08-20 20:04 - 2017-08-20 20:04 - 000000000 ____D C:\Program Files\bdc857bd4761501414c0fc6a88c722ad
C:\Program Files (x86)\Forint
2017-08-20 20:05 - 2017-08-20 20:19 - 000000000 ____D C:\Program Files (x86)\Celebratory
2017-08-20 20:05 - 2017-08-20 20:07 - 000000000 ____D C:\Program Files (x86)\s5
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
gupdate => service not found.
gupdatem => service not found.
mediatek_86 => service not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
bdc857bd4761501414c0fc6a88c722ad => service not found.
114d4096a11b474304782936a4463077 => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F805E44-30E3-440B-A459-2FB9F7EDAC2F} => key not found.
C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-codedownloader => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Pro-1.4-codedownloader => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54581C81-5C55-4508-9E6D-2A3046C13212} => key not found.
C:\Windows\System32\Tasks\71863414 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\71863414 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{746CA226-30A3-4FC4-8FFF-31C28DC416E3} => key not found.
C:\Windows\System32\Tasks\80754651 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\80754651 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{853E66A1-4AA3-4331-8A92-C244D3794188} => key not found.
C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-chromeinstaller => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Pro-1.4-chromeinstaller => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA90AE55-191B-4627-84B9-CDA568D196B0} => key not found.
C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Pro-1.4-updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1D853E6-FFD9-4C01-A39D-5150770499FB} => key not found.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3749191-1665-4AA9-8155-C1D82B392E8D} => key not found.
C:\Windows\System32\Tasks\43430122 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\43430122 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E649A16C-4070-4FCB-BE55-F742C72C7F45} => key not found.
C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-enabler => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Pro-1.4-enabler => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDF48B4-C507-4271-A60B-F15EA4748792} => key not found.
C:\Windows\System32\Tasks\bdc857bd4761501414c0fc6a88c722ad => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bdc857bd4761501414c0fc6a88c722ad => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F29044B4-68E4-4E99-B7E7-AA6AD2C0C812} => key not found.
C:\Windows\System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8ab77b4137a7f5ef7a47997e9b7bcbd9 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA56050C-4767-4F93-BA8C-1215A39236EE} => key not found.
C:\Windows\System32\Tasks\HQ-Video-Pro-1.4-firefoxinstaller => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Pro-1.4-firefoxinstaller => key not found.
C:\Windows\Tasks\HQ-Video-Pro-1.4-chromeinstaller.job => not found.
C:\Windows\Tasks\HQ-Video-Pro-1.4-codedownloader.job => not found.
C:\Windows\Tasks\HQ-Video-Pro-1.4-enabler.job => not found.
C:\Windows\Tasks\HQ-Video-Pro-1.4-firefoxinstaller.job => not found.
C:\Windows\Tasks\HQ-Video-Pro-1.4-updater.job => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value not found.
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => key not found.
HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1 => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
"C:\Users\karol\AppData\Local\Temp\FullVersion.exe" => not found.
"C:\Users\karol\AppData\Local\Temp\genteert.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D57E05D9-7728-40A4-ACAD-14D51C145B15} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA5EE546-A8BC-40BC-A7C4-A1EC7B8C08B0} => value not found.
"C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml" => not found.
"C:\Users\karol\AppData\Roaming\bitlord_log.txt" => not found.
"C:\Users\karol\AppData\Roaming\winscp.rnd" => not found.
"C:\Users\karol\AppData\Local\housecall.guid.cache" => not found.
"C:\Users\karol\AppData\Local\recently-used.xbel" => not found.
"C:\Users\karol\AppData\Local\uninstallce.exe" => not found.
"C:\ProgramData\hpzinstall.log" => not found.
"C:\Windows\System32\Tasks\43430122" => not found.
"C:\Windows\System32\Tasks\k71863414" => not found.
"C:\Windows\System32\Tasks\71863414" => not found.
"C:\Windows\System32\Tasks\80754651" => not found.
"C:\Windows\System32\Tasks\ga4343012243430122" => not found.
"C:\Windows\System32\Tasks\gak71863414k71863414" => not found.
"C:\Windows\System32\Tasks\ga7186341471863414" => not found.
"C:\Windows\System32\Tasks\ga8075465180754651" => not found.
"C:\Windows\b43430122" => not found.
"C:\Program Files (x86)\belated" => not found.
"C:\Windows\SysWOW64\vmahfwn" => not found.

"C:\Windows\system32\vmahfwn" folder move:

Could not move "C:\Windows\system32\vmahfwn" => Scheduled to move on reboot.

"C:\Users\karol\AppData\Roaming\et" => not found.
"C:\Users\karol\AppData\Local\ztmeajk" => not found.
"C:\Program Files (x86)\slocum" => not found.
"C:\Windows\SysWOW64\SSL" => not found.
"C:\Windows\8ab77b4137a7f5ef7a47997e9b7bcbd9.ps1" => not found.
"C:\Windows\System32\Tasks\8ab77b4137a7f5ef7a47997e9b7bcbd9" => not found.
"C:\Windows\System32\Tasks\bdc857bd4761501414c0fc6a88c722ad" => not found.
"C:\Program Files\bdc857bd4761501414c0fc6a88c722ad" => not found.
"C:\Program Files (x86)\Forint" => not found.
"C:\Program Files (x86)\Celebratory" => not found.
"C:\Program Files (x86)\s5" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4270519728-934631989-3906202889-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1393131 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2721712 B
Edge => 0 B
Chrome => 0 B
Firefox => 5905347 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
karol => 1073651 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 18.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-08-2017 18:25:40)

"C:\Windows\system32\vmahfwn" => Could not move

==== End of Fixlog 18:25:42 ====
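
The fixlist above removed a 32-hex-named service and driver, a set of scheduled tasks (one running powershell.exe -ExecutionPolicy Bypass against a script dropped in C:\Windows, others launching binaries from AppData, Program Files and Windows\TEMP, one doing "sc start" of the hex-named service) and a Windows Defender policy restriction. The PowerShell script below is an added example, not code from this thread or from FRST, that re-checks a host for those same patterns after the reboot. It assumes an elevated PowerShell 2.0 or later prompt on Windows 7 or newer (so it uses the Task Scheduler COM API and WMI rather than Get-ScheduledTask, which does not exist on Windows 7), and its detection patterns are taken from this log only, not from any general signature set.

```powershell
# Added triage script (not from the thread): re-checks a host for the
# persistence patterns the FRST fix above removed. Assumptions: elevated
# PowerShell 2.0+ on Windows 7 or later; patterns come from this log only.

$HexName = '^[0-9a-f]{32}$'          # service/driver names like bdc857bd...22ad

# --- 1. Scheduled tasks (Task Scheduler COM API; Get-ScheduledTask is Win8+) ---
function Get-AllTasks([object]$Folder) {
    foreach ($t in $Folder.GetTasks(1)) { $t }             # 1 = TASK_ENUM_HIDDEN
    foreach ($sub in $Folder.GetFolders(0)) { Get-AllTasks $sub }
}

$scheduler = New-Object -ComObject 'Schedule.Service'
$scheduler.Connect()
$taskFindings = foreach ($task in Get-AllTasks $scheduler.GetFolder('\')) {
    foreach ($action in $task.Definition.Actions) {
        if ($action.Type -ne 0) { continue }                # 0 = TASK_ACTION_EXEC
        $cmd = ("{0} {1}" -f $action.Path, $action.Arguments).Trim()
        $why = $null
        if     ($cmd -match 'powershell(\.exe)?.*-ExecutionPolicy\s+Bypass') { $why = 'powershell.exe with -ExecutionPolicy Bypass' }
        elseif ($cmd -match '\\(AppData\\Local|Temp|Windows\\TEMP)\\')        { $why = 'runs a binary from a user-writable or temp path' }
        elseif ($cmd -match '^sc(\.exe)?\s+start\s+[0-9a-f]{32}')              { $why = 'sc start of a 32-hex service name' }
        if ($why) { New-Object PSObject -Property @{ Task = $task.Path; Command = $cmd; Reason = $why } }
    }
}

# --- 2. Services and kernel drivers ---
function Get-ImagePath([string]$PathName) {
    # "C:\x\y.exe" /svc -> C:\x\y.exe ;  C:\x\y.exe /svc -> C:\x\y.exe
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

$serviceFindings = foreach ($svc in (Get-WmiObject Win32_Service)) {
    if (-not $svc.PathName) { continue }
    $image = Get-ImagePath $svc.PathName
    $why = $null
    if     ($svc.Name -match $HexName)         { $why = '32-hex service name' }
    elseif ($image -match '\\Windows\\TEMP\\') { $why = 'service binary under Windows\TEMP' }
    # Signature check is scoped to Program Files on purpose: catalog-signed OS
    # binaries under \Windows carry no embedded signature and report NotSigned
    # on older PowerShell, which would flood the list with false positives.
    elseif ($image -match '^C:\\Program Files' -and (Test-Path $image) -and
            (Get-AuthenticodeSignature $image).Status -ne 'Valid') { $why = 'unsigned binary under Program Files' }
    if ($why) { New-Object PSObject -Property @{ Name = $svc.Name; State = $svc.State; Image = $image; Reason = $why } }
}

$driverFindings = Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.Name -match $HexName -or $_.PathName -match '\\[0-9a-f]{32}\.sys$' } |
    Select-Object Name, State, PathName

# --- 3. Policy tampering (the "Restriction" lines FRST flagged) ---
$policyFindings = @()
$defPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
if (Test-Path $defPol) {
    $names = (Get-Item $defPol).GetValueNames()
    $policyFindings += "Defender policy key present: $defPol (values: $($names -join ', '))"
}
foreach ($scope in 'Machine', 'User') {
    $pol = Join-Path $env:SystemRoot "System32\GroupPolicy\$scope\Registry.pol"
    if (Test-Path $pol) { $policyFindings += "local Group Policy file present: $pol (review its contents)" }
}

# --- Report ---
'== Scheduled tasks ==';  $taskFindings    | Format-Table -AutoSize
'== Services ==';         $serviceFindings | Format-Table -AutoSize
'== Drivers ==';          $driverFindings  | Format-Table -AutoSize
'== Policy ==';           $policyFindings
```

Everything the script lists still needs a human decision: a deliberately configured local Group Policy also produces a Registry.pol, and a third-party service under Program Files may simply be unsigned. The value of the script is that it covers all four places this infection hid (task scheduler, services, drivers, policy keys) in one pass, so a clean run after the fix is meaningful.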



#9 JSntgRvr (Master Surgeon General, Malware Response Team, 11,195 posts, Male, Puerto Rico)

Posted 24 August 2017 - 07:37 PM

  • Highlight the entire content of the quote box below.

Start::

Folder: C:\Windows\system32\vmahfwn

Folder: C:\Windows\system32\drivers

End::


  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.



#10 kolz2788 (Topic Starter, Members, 23 posts)

Posted 25 August 2017 - 02:57 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by karol (25-08-2017 15:56:45) Run:4
Running from C:\Users\karol\Downloads
Loaded Profiles: karol (Available Profiles: karol)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Windows\system32\vmahfwnFolder: C:\Windows\system32\drivers
*****************


========================= Folder: C:\Windows\system32\vmahfwnFolder: C:\Windows\system32\drivers ========================

not found.

====== End of Folder: ======


==== End of Fixlog 15:56:45 ====



#11 JSntgRvr (Master Surgeon General, Malware Response Team, 11,195 posts, Male, Puerto Rico)

Posted 25 August 2017 - 06:21 PM

fixlist content:
*****************
Folder: C:\Windows\system32\vmahfwnFolder: C:\Windows\system32\drivers
*****************

Somehow the script was read incorrectly.

Download the enclosed file. Save it in the same location FRST64 is saved. Open FRST64 as an Administrator and click on the Fix button. Post the resultant Fixlog.txt.


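
Run:4 above shows what "read incorrectly" means in practice: the two Folder: directives from the quote box reached FRST as the single line "Folder: C:\Windows\system32\vmahfwnFolder: C:\Windows\system32\drivers", because the paste dropped the line break, and FRST, which reads one directive per line, answered "not found". The PowerShell snippet below is an added example, not from the thread or from FRST, that repairs a pasted fixlist by splitting wherever a directive keyword is glued to the preceding text, flags any line that still carries more than one directive, and writes fixlist.txt in the same format Notepad would. It assumes the directive keyword list shown (the ones used in this thread) and an example path for the FRST folder.

```powershell
# Added check (not part of the thread): repairs and validates a fixlist pasted
# from a forum quote box before FRST runs it. Assumptions: the directive
# keywords below are the ones used in this thread; $frstDir is an example path.

$Directives = 'Start::', 'End::', 'Folder:', 'CMD:', 'HOSTS:', 'Removeproxy:', 'EMPTYTEMP:', 'Reboot:', 'Task:'
$DirectiveAlt = ($Directives | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Repair-Fixlist([string]$Text) {
    # Zero-width split in front of any directive keyword that directly follows
    # a non-space character, e.g. "...\vmahfwnFolder: C:\..." -> two lines.
    # Lines that already end with a line break are left untouched.
    $glued = "(?<=\S)(?=(?:$DirectiveAlt))"
    $out = @()
    foreach ($raw in ($Text -split "`r?`n")) {
        foreach ($piece in [regex]::Split($raw, $glued)) {
            $line = $piece.Trim()
            if ($line) { $out += $line }
        }
    }
    return ,$out
}

function Test-Fixlist([string[]]$Lines) {
    # Report any line that still contains more than one directive keyword.
    $problems = @()
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $hits = [regex]::Matches($Lines[$i], "(?:$DirectiveAlt)").Count
        if ($hits -gt 1) { $problems += "line $($i + 1) holds $hits directives: $($Lines[$i])" }
    }
    return ,$problems
}

# Constructed input: the single joined line that Run:4 above actually received.
$pasted = 'Folder: C:\Windows\system32\vmahfwnFolder: C:\Windows\system32\drivers'

$lines = Repair-Fixlist $pasted
$lines                                   # two lines, one Folder: directive each
$problems = Test-Fixlist $lines
if ($problems) { $problems | Write-Warning; exit 1 }

# Write next to FRST64.exe (example location) as ANSI text with CRLF line
# endings, which is what Notepad produces by default on Windows 7.
$frstDir = 'C:\Users\karol\Desktop'
$lines | Out-File -FilePath (Join-Path $frstDir 'fixlist.txt') -Encoding Default
Write-Host "fixlist.txt written with $($lines.Count) line(s)"
```

The split is deliberately conservative: it only breaks a line where a keyword such as "Folder:" sits immediately after a non-space character, so copied FRST log lines (service, task and registry entries, which contain no directive keyword mid-line) pass through unchanged. Run:5 above, with the fixlist supplied as a file rather than pasted, shows the two Folder: directives being processed separately, which is the result this check is meant to guarantee up front.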


#12 kolz2788 (Topic Starter, Members, 23 posts)

Posted 27 August 2017 - 10:35 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by karol (27-08-2017 11:35:07) Run:5
Running from C:\Users\karol\Desktop
Loaded Profiles: karol (Available Profiles: karol)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Windows\system32\vmahfwn
Folder: C:\Windows\system32\drivers
*****************


========================= Folder: C:\Windows\system32\vmahfwn ========================

2017-08-20 08:38 - 2017-08-20 08:38 - 002798080 ____N () C:\Windows\system32\vmahfwn\msftyyx.exe
2013-07-06 13:26 - 2013-07-06 13:26 - 000065824 ____N () C:\Windows\system32\vmahfwn\msftyyx.sys

====== End of Folder: ======


========================= Folder: C:\Windows\system32\drivers ========================

2017-08-18 04:38 - 2017-08-18 04:38 - 000077184 _____ (36IHD8) C:\Windows\system32\drivers\114d4096a11b474304782936a4463077.sys
2009-07-13 20:06 - 2009-07-13 20:06 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\1394bus.sys
2012-09-05 10:28 - 2010-11-20 06:44 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\drivers\1394ohci.sys
2012-09-05 10:28 - 2010-11-20 09:32 - 000334208 _____ (Microsoft Corporation) C:\Windows\system32\drivers\acpi.sys
2012-09-05 10:28 - 2010-11-20 05:30 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\drivers\acpipmi.sys
2009-06-10 16:36 - 2009-07-13 21:52 - 000491088 _____ (Adaptec, Inc.) C:\Windows\system32\drivers\adp94xx.sys
2009-07-13 17:59 - 2009-07-13 21:52 - 000339536 _____ (Adaptec, Inc.) C:\Windows\system32\drivers\adpahci.sys
2009-07-13 17:59 - 2009-07-13 21:52 - 000182864 _____ (Adaptec, Inc.) C:\Windows\system32\drivers\adpu320.sys
2014-07-08 18:10 - 2014-05-30 02:45 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\drivers\afd.sys
2009-07-13 20:10 - 2009-07-13 20:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\drivers\agilevpn.sys
2009-07-13 19:38 - 2009-07-13 21:52 - 000061008 _____ (Microsoft Corporation) C:\Windows\system32\drivers\AGP440.sys
2009-07-13 19:19 - 2009-07-13 21:52 - 000015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\drivers\aliide.sys
2009-07-13 19:19 - 2009-07-13 21:52 - 000015440 _____ (Microsoft Corporation) C:\Windows\system32\drivers\amdide.sys
2009-07-13 19:19 - 2009-07-13 19:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\drivers\amdk8.sys
2009-07-13 19:19 - 2009-07-13 19:19 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\drivers\amdppm.sys
2013-03-12 17:29 - 2011-03-11 02:41 - 000107904 _____ (Advanced Micro Devices) C:\Windows\system32\drivers\amdsata.sys
2009-06-10 16:37 - 2009-07-13 21:52 - 000194128 _____ (AMD Technologies Inc.) C:\Windows\system32\drivers\amdsbs.sys
2013-03-12 17:29 - 2011-03-11 02:41 - 000027008 _____ (Advanced Micro Devices) C:\Windows\system32\drivers\amdxata.sys
2012-09-05 10:28 - 2010-11-20 06:14 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\drivers\appid.sys
2009-07-13 17:59 - 2009-07-13 21:52 - 000087632 _____ (Adaptec, Inc.) C:\Windows\system32\drivers\arc.sys
2009-07-13 17:59 - 2009-07-13 21:52 - 000097856 _____ (Adaptec, Inc.) C:\Windows\system32\drivers\arcsas.sys
2012-09-05 23:51 - 2011-05-10 16:28 - 000017192 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\drivers\AsrAppCharger.sys
2009-07-13 20:10 - 2009-07-13 20:10 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\drivers\asyncmac.sys
2009-07-13 19:19 - 2009-07-13 21:52 - 000024128 _____ (Microsoft Corporation) C:\Windows\system32\drivers\atapi.sys
2012-09-05 10:28 - 2010-11-20 09:32 - 000155520 _____ (Microsoft Corporation) C:\Windows\system32\drivers\ataport.sys
2015-03-28 11:59 - 2014-02-25 09:57 - 002736640 _____ (Atheros Communications, Inc.) C:\Windows\system32\drivers\athrx.sys
2009-06-10 16:34 - 2009-06-10 16:34 - 000270848 _____ (Broadcom Corporation) C:\Windows\system32\drivers\b57nd60a.sys
2009-07-13 19:31 - 2009-07-13 21:52 - 000028240 _____ (Microsoft Corporation) C:\Windows\system32\drivers\battc.sys
2009-07-13 20:00 - 2009-07-13 20:00 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\drivers\beep.sys
2009-07-13 19:35 - 2009-07-13 19:35 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\drivers\blbdrive.sys
2012-09-06 03:08 - 2011-02-23 00:55 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\drivers\bowser.sys
2009-07-13 21:19 - 2009-06-10 16:41 - 000018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\drivers\BrFiltLo.sys
2009-07-13 21:20 - 2009-06-10 16:41 - 000008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\drivers\BrFiltUp.sys
2009-07-13 21:05 - 2009-07-13 21:01 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\drivers\bridge.sys
2009-07-13 21:19 - 2009-07-13 21:19 - 000286720 _____ (Brother Industries Ltd.) C:\Windows\system32\drivers\BrSerId.sys
2009-07-13 21:20 - 2009-06-10 16:41 - 000047104 _____ (Brother Industries Ltd.) C:\Windows\system32\drivers\BrSerWdm.sys
2009-07-13 21:20 - 2009-06-10 16:41 - 000014976 _____ (Brother Industries Ltd.) C:\Windows\system32\drivers\BrUsbMdm.sys
2009-07-13 21:20 - 2009-06-10 16:41 - 000014720 _____ (Brother Industries Ltd.) C:\Windows\system32\drivers\BrUsbSer.sys
2009-07-13 20:06 - 2009-07-13 20:06 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\drivers\bthmodem.sys
2009-06-10 16:34 - 2009-06-10 16:34 - 000468480 _____ (Broadcom Corporation) C:\Windows\system32\drivers\bxvbda.sys
2012-12-21 23:15 - 2012-04-09 17:27 - 000352144 _____ (EldoS Corporation) C:\Windows\system32\drivers\cbfs3.sys
2009-07-13 19:19 - 2009-07-13 19:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\drivers\cdfs.sys
2012-09-05 10:28 - 2010-11-20 05:19 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\drivers\cdrom.sys
2009-07-13 20:06 - 2009-07-13 20:06 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\drivers\circlass.sys
2012-09-05 10:28 - 2010-11-20 09:32 - 000179072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\Classpnp.sys
2009-07-13 19:31 - 2009-07-13 19:31 - 000017664 _____ (Microsoft Corporation) C:\Windows\system32\drivers\CmBatt.sys
2009-07-13 19:19 - 2009-07-13 21:52 - 000017488 _____ (CMD Technology, Inc.) C:\Windows\system32\drivers\cmdide.sys
2013-11-13 16:29 - 2013-07-04 08:18 - 000458712 _____ (Microsoft Corporation) C:\Windows\system32\drivers\cng.sys
2009-07-13 19:31 - 2009-07-13 21:52 - 000021584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\compbatt.sys
2012-09-05 10:28 - 2010-11-20 06:33 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\drivers\CompositeBus.sys
2009-07-13 20:01 - 2009-07-13 21:47 - 000039504 _____ (Microsoft Corporation) C:\Windows\system32\drivers\crashdmp.sys
2009-07-13 20:01 - 2009-07-13 21:47 - 000024144 _____ (Microsoft Corporation) C:\Windows\system32\drivers\crcdisk.sys
2012-09-05 10:28 - 2010-11-20 05:27 - 000514560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\csc.sys
2012-09-05 10:28 - 2010-11-20 05:26 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\drivers\dfsc.sys
2009-07-13 19:37 - 2009-07-13 19:37 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\drivers\discache.sys
2009-07-13 19:19 - 2009-07-13 21:47 - 000073280 _____ (Microsoft Corporation) C:\Windows\system32\drivers\disk.sys
2013-03-12 17:29 - 2011-04-22 18:15 - 000027520 _____ (Microsoft Corporation) C:\Windows\system32\drivers\Diskdump.sys
2012-09-05 10:28 - 2010-11-20 09:11 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\IPMIDrv.sys.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ipnat.sys.mui
2009-07-14 01:35 - 2009-07-13 22:30 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\isapnp.sys.mui
2012-09-05 10:28 - 2010-11-20 09:10 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\kbdclass.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\kbdhid.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\luafv.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\modem.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\mouclass.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\mouhid.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\mountmgr.sys.mui
2009-07-14 01:35 - 2009-07-13 22:27 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\mpio.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\msdsm.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\mssmbios.sys.mui
2009-07-14 01:35 - 2009-07-13 22:27 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\MTConfig.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ndis.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ndiscap.sys.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ndisuio.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ntfs.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\NV_AGP.SYS.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\nwifi.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ohci1394.sys.mui
2009-07-14 01:35 - 2009-07-13 22:25 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\pacer.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\parport.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\partmgr.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\pci.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\pcmcia.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\pnpmem.sys.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\portcls.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\processr.sys.mui
2009-07-14 01:35 - 2009-07-13 22:30 - 000003584 _____ (SCM Microsystems, Inc.) C:\Windows\system32\drivers\en-US\pscr.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\qwavedrv.sys.mui
2009-07-14 01:35 - 2009-07-13 22:25 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\rdbss.sys.mui
2012-09-05 10:28 - 2010-11-20 09:01 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\rdpwd.sys.mui
2012-09-05 10:28 - 2010-11-20 09:13 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\rdvgkmd.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\RNDISMP.sys.mui
2009-07-14 01:35 - 2009-07-13 22:25 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\rndismp6.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\rndismpx.sys.mui
2009-07-14 01:35 - 2009-07-13 22:30 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\scfilter.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\scsiport.sys.mui
2009-07-14 01:35 - 2009-07-13 22:30 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\serial.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\sermouse.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\serscan.sys.mui
2009-07-14 01:35 - 2009-07-13 22:25 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\srv.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\tcpip.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\tpm.sys.mui
2013-03-12 17:35 - 2012-08-23 11:09 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-09-05 10:28 - 2010-11-20 09:11 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\tsusbhub.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\tunnel.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\UAGP35.SYS.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ULIAGPKX.SYS.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\umbus.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\usbhub.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\usbport.sys.mui
2009-07-14 01:35 - 2009-07-13 22:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\usbrpm.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\vdrvroot.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\vhdmp.sys.mui
2009-07-14 01:35 - 2009-07-13 22:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\volmgrx.sys.mui
2009-07-14 01:35 - 2009-07-13 22:28 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\volsnap.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\vwifibus.sys.mui
2009-07-14 01:35 - 2009-07-13 22:27 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\wacompen.sys.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\wd.sys.mui
2009-07-14 01:35 - 2009-07-13 22:27 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\wdf01000.sys.mui
2009-07-14 01:35 - 2009-07-13 22:29 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\drivers\en-US\ws2ifsl.sys.mui
2009-07-13 23:20 - 2017-08-24 17:29 - 000000000 ____D () C:\Windows\system32\drivers\etc
2009-07-13 22:34 - 2017-08-24 17:29 - 000000035 _____ () C:\Windows\system32\drivers\etc\hosts
2009-07-13 22:35 - 2009-06-10 17:00 - 000003683 _____ () C:\Windows\system32\drivers\etc\lmhosts.sam
2009-07-13 22:34 - 2009-06-10 17:00 - 000000407 _____ () C:\Windows\system32\drivers\etc\networks
2009-07-13 22:34 - 2009-06-10 17:00 - 000001358 _____ () C:\Windows\system32\drivers\etc\protocol
2009-07-13 22:34 - 2009-06-10 17:00 - 000017463 _____ () C:\Windows\system32\drivers\etc\services
2009-07-13 23:20 - 2012-12-08 18:02 - 000000000 ____D () C:\Windows\system32\drivers\UMDF
2012-09-05 10:28 - 2010-11-20 09:27 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\drivers\UMDF\usbdr.dll
2009-07-13 20:21 - 2009-07-13 21:41 - 000299520 _____ (Microsoft Corporation) C:\Windows\system32\drivers\UMDF\WpdFs.dll
2009-07-13 20:22 - 2009-07-13 21:41 - 001195008 _____ (Microsoft Corporation) C:\Windows\system32\drivers\UMDF\WpdMtpDr.dll
2009-07-14 01:37 - 2009-07-14 01:37 - 000000000 ____D () C:\Windows\system32\drivers\UMDF\en-US
2009-07-14 01:35 - 2009-07-13 22:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\drivers\UMDF\en-US\WpdMtpDr.dll.mui
2009-07-14 01:35 - 2009-07-13 22:26 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui

====== End of Folder: ======


==== End of Fixlog 11:35:13 ====



#13 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 27 August 2017 - 10:45 AM

  • Highlight the entire content of the quote box below.

Start::
C:\Windows\system32\drivers\moughroz.sys
C:\Windows\system32\vmahfwn
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 kolz2788
Topic Starter

Posted 27 August 2017 - 10:56 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by karol (27-08-2017 11:53:19) Run:6
Running from C:\Users\karol\Desktop
Loaded Profiles: karol (Available Profiles: karol)
Boot Mode: Normal
==============================================

fixlist content:
*****************

C:\Windows\system32\drivers\moughroz.sys
C:\Windows\system32\vmahfwn

*****************

Could not move "C:\Windows\system32\drivers\moughroz.sys" => Scheduled to move on reboot.

"C:\Windows\system32\vmahfwn" folder move:

Could not move "C:\Windows\system32\vmahfwn" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-08-2017 11:54:41)

"C:\Windows\system32\drivers\moughroz.sys" => Could not move
"C:\Windows\system32\vmahfwn" => Could not move

==== End of Fixlog 11:54:43 ====
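The two "Could not move" lines above are what decide the next step. As an added example that is not part of this thread, here is a small Python parser that pulls the fixlist entries and each entry's reported results out of a Fixlog and lists the entries still locked after the scheduled reboot; the sample log is constructed to mirror the one posted above.

```python
import re
# Constructed sample that mirrors the Fixlog posted above: the same two
# fixlist paths and the same "Could not move" results before and after reboot.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
fixlist content:
*****************
C:\Windows\system32\drivers\moughroz.sys
C:\Windows\system32\vmahfwn
*****************
Could not move "C:\Windows\system32\drivers\moughroz.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\vmahfwn" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-08-2017 11:54:41)
"C:\Windows\system32\drivers\moughroz.sys" => Could not move
"C:\Windows\system32\vmahfwn" => Could not move
==== End of Fixlog 11:54:43 ====
"""

# One result line: optional "Could not move " prefix, a quoted or bare path,
# then " => " and the result text (both line shapes in the sample match).
OUTCOME_RE = re.compile(
    r'^(?:Could not move )?"?(?P<path>[A-Za-z]:\\[^"]+?)"? => (?P<result>.+?)\.?$')
DELIM = "*****************"


def _split(log: str):
    """Split the log at the ***** markers into (fixlist lines, result lines)."""
    lines = [l.strip() for l in log.splitlines()]
    marks = [i for i, l in enumerate(lines) if l == DELIM]
    if len(marks) < 2:
        return [], lines
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]


def fixlist_entries(log: str):
    """Paths the fixlist asked FRST to move (non-empty lines between markers)."""
    return [l for l in _split(log)[0] if l]


def outcomes(log: str):
    """Each path mapped to the results FRST reported for it, in log order."""
    found = {}
    for line in _split(log)[1]:
        m = OUTCOME_RE.match(line)
        if m:
            found.setdefault(m.group("path"), []).append(m.group("result"))
    return found


def unresolved(log: str):
    """Fixlist entries whose final result is still 'Could not move'."""
    # Such a file is normally held open by a loaded driver or service, which is
    # why the fix is rerun from the Recovery Environment where nothing is loaded.
    res = outcomes(log)
    return [p for p in fixlist_entries(log)
            if res.get(p) and res[p][-1].lower().startswith("could not move")]
```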



#15 JSntgRvr
Master Surgeon General, Malware Response Team

Posted 27 August 2017 - 11:03 AM

We will need to run the fix in the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Please also download the attached file and save it in the same location on the flash drive where FRST64 is saved.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it into your reply.

 






