
I want you guys to check out a RogueKiller log, my computer is dying


12 replies to this topic

#1 grungegrunge


Posted 24 August 2017 - 08:13 AM

RogueKiller V12.11.11.0 (x64) [Aug 21 2017] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/24/2017 05:13:05 (Duration : 01:13:16)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 27 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com/?mtmhp=hyplogusaolc00000004  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com/?mtmhp=hyplogusaolc00000004  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com/?mtmhp=hyplogusaolc00000004  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com/?mtmhp=hyplogusaolc00000004  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {31684B47-1C8C-4087-A9A4-725A68517CB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Dennis\AppData\Local\Apps\2.0\9WT3ZJXP.74T\PB155754.LBQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe|Name=Curse Client 4.0| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8EA7169D-498D-4F61-92CF-90EA5DE2123C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Dennis\AppData\Local\Apps\2.0\9WT3ZJXP.74T\PB155754.LBQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe|Name=Curse Client 4.0| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5BC8138D-8A8C-44C0-85B8-17DBABFB605B} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dennis\AppData\Local\Temp\nsdC86F.tmp\Installer-10067444.exe|Name=proinstaller104373581| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D79A2139-CB63-4386-9306-DBC51C537CC3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dennis\AppData\Local\Temp\nsdC86F.tmp\Installer-10067444.exe|Name=proinstaller104373581| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{09975EBE-556A-4AEB-B17B-EA1ECE294C10}C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe|Name=pulsar.exe|Desc=pulsar.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3A470DCE-59C5-4647-8004-EC977AAB7B1C}C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe|Name=pulsar.exe|Desc=pulsar.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3672A0F3-6A11-484E-9E4F-F657F037B335}C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe|Name=toybox64.exe|Desc=toybox64.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F4E542B7-2BD2-455F-A8DF-D6DC6E890BCA}C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe|Name=toybox64.exe|Desc=toybox64.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5C6758F2-E9DC-4204-9388-8FBFE26D1355}C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe|Name=smashladderlauncher.exe|Desc=smashladderlauncher.exe|Defer=User| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4FCA6496-2394-43FE-BDE6-9B4ABAE1DEAF}C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe|Name=smashladderlauncher.exe|Desc=smashladderlauncher.exe|Defer=User| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {31684B47-1C8C-4087-A9A4-725A68517CB6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Dennis\AppData\Local\Apps\2.0\9WT3ZJXP.74T\PB155754.LBQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe|Name=Curse Client 4.0| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8EA7169D-498D-4F61-92CF-90EA5DE2123C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Dennis\AppData\Local\Apps\2.0\9WT3ZJXP.74T\PB155754.LBQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe|Name=Curse Client 4.0| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5BC8138D-8A8C-44C0-85B8-17DBABFB605B} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dennis\AppData\Local\Temp\nsdC86F.tmp\Installer-10067444.exe|Name=proinstaller104373581| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D79A2139-CB63-4386-9306-DBC51C537CC3} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dennis\AppData\Local\Temp\nsdC86F.tmp\Installer-10067444.exe|Name=proinstaller104373581| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{09975EBE-556A-4AEB-B17B-EA1ECE294C10}C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe|Name=pulsar.exe|Desc=pulsar.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{3A470DCE-59C5-4647-8004-EC977AAB7B1C}C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\dennis\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe|Name=pulsar.exe|Desc=pulsar.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3672A0F3-6A11-484E-9E4F-F657F037B335}C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe|Name=toybox64.exe|Desc=toybox64.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F4E542B7-2BD2-455F-A8DF-D6DC6E890BCA}C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\dennis\appdata\local\temp\rar$exa0.607\yooka-laylee toybox+\toybox64.exe|Name=toybox64.exe|Desc=toybox64.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{5C6758F2-E9DC-4204-9388-8FBFE26D1355}C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe|Name=smashladderlauncher.exe|Desc=smashladderlauncher.exe|Defer=User| [-] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{4FCA6496-2394-43FE-BDE6-9B4ABAE1DEAF}C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\dennis\appdata\local\smashladderdolphinlauncher\app-1.2.1\smashladderlauncher.exe|Name=smashladderlauncher.exe|Desc=smashladderlauncher.exe|Defer=User| [-] -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 3 ¤¤¤
[Hj.Shortcut] \{2364701A-6593-47F5-9803-1B8EF3F1F03C} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&page=tsProgressBar) -> Found
[Hj.Shortcut] \{2FA1DDDC-6C6A-4F48-8BDC-E62C51915EA7} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall) -> Found
[Hj.Shortcut] \{5EB76DFE-2CD4-49E2-AC02-F0B6108F8387} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.21.60.104/en/abandoninstall?page=tsProgressBar) -> Found
 
¤¤¤ Files : 1 ¤¤¤
[PShell.Gen][File] C:\Users\Dennis\Downloads\chrome_cleanup_tool.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] bsfz3rn2.default : user_pref("browser.search.selectedEngine", "Yahoo! (Avast)"); -> Found
[PUM.SearchEngine][Firefox:Config] bsfz3rn2.default : user_pref("browser.search.defaultenginename", "Yahoo! (Avast)"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DL ST2000DL003-9VT1 SCSI Disk Device +++++
--- User ---
[MBR] 88a8b3fce93893de59933769108c7988
[BSP] 2ee09330141fe95e96c246e63a2f7511 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 1907527 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

Edited by hamluis, 24 August 2017 - 08:35 AM.
Moved from Windows 7 to Malware Removal Logs - Hamluis.




#2 grungegrunge


Posted 24 August 2017 - 08:32 AM

Thank you, I will do this a little bit later on. I did scan with mbar and mba but not the others. I will work on all of them today!

 

Mod Edit:  Please ignore the suggestions previously provided, this topic belongs in a different forum.  Moved from Win 7 to MRL.  Please follow any instructions provided in the MRL forum - Hamluis.


Edited by hamluis, 24 August 2017 - 08:38 AM.


#3 nasdaq

  • Malware Response Team

Posted 25 August 2017 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the FRST.TXT, Addition.txt and the AdwCleaner logs for my review.

Let me know what problems persist.
==============================

#4 grungegrunge


Posted 28 August 2017 - 12:26 PM

# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 24 07:49:24 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-22-2017.4
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [11526 B] - [2016/12/14 22:15:37]
C:/AdwCleaner/AdwCleaner[C2].txt - [3019 B] - [2017/1/29 19:40:22]
C:/AdwCleaner/AdwCleaner[C3].txt - [3809 B] - [2017/2/23 13:23:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [320 B] - [2014/1/16 15:23:9]
C:/AdwCleaner/AdwCleaner[S10].txt - [10066 B] - [2016/12/14 22:13:21]
C:/AdwCleaner/AdwCleaner[S11].txt - [3129 B] - [2017/1/29 19:40:2]
C:/AdwCleaner/AdwCleaner[S12].txt - [3800 B] - [2017/2/23 13:21:54]
C:/AdwCleaner/AdwCleaner[S1].txt - [5123 B] - [2014/3/24 3:33:53]
C:/AdwCleaner/AdwCleaner[S2].txt - [2995 B] - [2014/9/22 8:4:11]
C:/AdwCleaner/AdwCleaner[S3].txt - [1867 B] - [2014/11/4 3:53:9]
C:/AdwCleaner/AdwCleaner[S4].txt - [3185 B] - [2015/3/13 20:56:48]
C:/AdwCleaner/AdwCleaner[S5].txt - [13094 B] - [2015/4/17 7:53:12]
C:/AdwCleaner/AdwCleaner[S6].txt - [1749 B] - [2015/4/18 5:21:0]
C:/AdwCleaner/AdwCleaner[S7].txt - [1982 B] - [2015/4/20 9:47:2]
C:/AdwCleaner/AdwCleaner[S8].txt - [2136 B] - [2015/4/19 13:37:18]
C:/AdwCleaner/AdwCleaner[S9].txt - [2279 B] - [2015/5/14 22:39:42]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt ##########
 
 
 
AND A NEW ONE
 
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 28 16:33:48 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-25-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.InfoG, [Key] - HKLM\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [11526 B] - [2016/12/14 22:15:37]
C:/AdwCleaner/AdwCleaner[C2].txt - [3019 B] - [2017/1/29 19:40:22]
C:/AdwCleaner/AdwCleaner[C3].txt - [3003 B] - [2017/2/23 13:23:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [320 B] - [2014/1/16 15:23:9]
C:/AdwCleaner/AdwCleaner[S10].txt - [10066 B] - [2016/12/14 22:13:21]
C:/AdwCleaner/AdwCleaner[S11].txt - [3129 B] - [2017/1/29 19:40:2]
C:/AdwCleaner/AdwCleaner[S12].txt - [3800 B] - [2017/2/23 13:21:54]
C:/AdwCleaner/AdwCleaner[S13].txt - [2953 B] - [2017/8/24 7:49:25]
C:/AdwCleaner/AdwCleaner[S1].txt - [5123 B] - [2014/3/24 3:33:53]
C:/AdwCleaner/AdwCleaner[S2].txt - [2995 B] - [2014/9/22 8:4:11]
C:/AdwCleaner/AdwCleaner[S3].txt - [1867 B] - [2014/11/4 3:53:9]
C:/AdwCleaner/AdwCleaner[S4].txt - [3185 B] - [2015/3/13 20:56:48]
C:/AdwCleaner/AdwCleaner[S5].txt - [13094 B] - [2015/4/17 7:53:12]
C:/AdwCleaner/AdwCleaner[S6].txt - [1749 B] - [2015/4/18 5:21:0]
C:/AdwCleaner/AdwCleaner[S7].txt - [1982 B] - [2015/4/20 9:47:2]
C:/AdwCleaner/AdwCleaner[S8].txt - [2136 B] - [2015/4/19 13:37:18]
C:/AdwCleaner/AdwCleaner[S9].txt - [2279 B] - [2015/5/14 22:39:42]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt ##########


#5 grungegrunge


Posted 28 August 2017 - 12:27 PM

Scanning with the other device, I will post it after I take a nap!



#6 grungegrunge


Posted 28 August 2017 - 12:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Dennis (administrator) on DENNIS-PC (28-08-2017 12:27:37)
Running from C:\Users\Dennis\Downloads
Loaded Profiles: Dennis (Available Profiles: Dennis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\Runservice.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
(Alexander Roshal) C:\Program Files (x86)\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\Dennis\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Dennis\AppData\Local\Discord\app-0.0.298\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Users\Dennis\Downloads\adwcleaner_7.0.1.0.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-27] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33480 2017-02-27] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\...\Run: [Boxcryptor.exe] => C:\Program Files (x86)\Boxcryptor\Boxcryptor.exe [2373440 2017-05-12] (Secomba GmbH)
HKU\S-1-5-18\...\Run: [] => [X]
SSODL: EldosMountNotificator-cbfs6 - {77906EA2-0788-448B-88AA-A93DA962ABA3} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {77906EA2-0788-448B-88AA-A93DA962ABA3} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{0E793A53-B9D0-48E8-B4BC-8A41DA9B2840}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/?mtmhp=hyplogusaolc00000004
HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-10] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-10] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2017-01-16] ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default [2017-08-28]
FF NewTab: Mozilla\Firefox\Profiles\bsfz3rn2.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bsfz3rn2.default -> Yahoo! (Avast)
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\bsfz3rn2.default -> Yahoo!
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\bsfz3rn2.default -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\bsfz3rn2.default -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\bsfz3rn2.default -> hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
FF Extension: (Ghostery) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\firefox@ghostery.com.xpi [2017-08-21]
FF Extension: (AdBlocker for YouTube™) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-08-21]
FF Extension: (Avast SafePrice) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\sp@avast.com.xpi [2017-08-25]
FF Extension: (Avast Online Security) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\wrc@avast.com.xpi [2017-08-25]
FF Extension: (NoScript) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-08-21]
FF Extension: (Greasemonkey) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-27]
FF Extension: (Adblock Edge) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-09-06]
FF Extension: (Firefox Screenshots) - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\features\{3e9c1c51-9f98-4eb9-a3d2-992b58b51701}\screenshots@mozilla.org.xpi [2017-08-26]
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\searchplugins\google-avast.xml [2015-04-21]
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\searchplugins\yahoo-avast.xml [2016-12-13]
FF HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2014-07-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-09-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [1999-12-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [1999-12-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3073701067-1518990160-3154203008-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dennis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3073701067-1518990160-3154203008-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch","hxxps://www.google.com/?trackid=sp-006"
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default [2017-08-28]
CHR Extension: (Google Translate) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-07-05]
CHR Extension: (Google Docs) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-21]
CHR Extension: (Google Search) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-28]
CHR Extension: (Biticker) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fblekdojabihjdhndhmloalbcnnejddl [2017-08-20]
CHR Extension: (Authy Chrome Extension) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2017-06-24]
CHR Extension: (Authy) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2017-06-24]
CHR Extension: (Heroes & Generals) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-03-14]
CHR Extension: (Google Play Movies & TV) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2016-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-02]
CHR Extension: (Youtube Playback Speed Control) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdannnflhlmdablckfkjpleikpphncik [2016-11-27]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2017-08-07]
CHR Extension: (Save to Facebook) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-02-07]
CHR Extension: (Google Hangouts) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-04]
CHR Extension: (Steemit ToolBar) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkmlplakmoeoagdhddihcnhcleoagne [2017-07-25]
CHR Extension: (Ghostery) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Enhanced Steam) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2017-06-20]
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
StartMenuInternet: Google Chrome.WPYV7NUJRUITZ34HJEGPLYOTVQ - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-27] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [441216 2015-05-08] ()
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [486936 2016-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [470552 2016-12-01] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [511512 2016-12-01] (BlueStack Systems, Inc.)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2017-07-22] (BioWare)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-20] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-08] (EasyAntiCheat Ltd)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-04-18] (Echobit LLC)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [488000 2017-07-06] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8077376 2017-07-06] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 1999-12-31] (Intel Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2016-07-13] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-04-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-12] ()
S4 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [357888 2011-06-16] (iZ3D Inc.) [File not signed]
S4 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [477696 2011-06-16] (iZ3D Inc.) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [302872 2017-08-24] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14011120 2016-12-09] (Zemana Ltd.)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-27] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-10] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2016-12-01] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R3 cpuz140; C:\Users\Dennis\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-08-25] (CPUID) <==== ATTENTION
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-02] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-04-11] (Echobit, LLC)
S3 GPWADrv; C:\Windows\System32\Drivers\GPWADrv64.sys [894336 2010-03-09] (Line 6)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-11] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 iZ3DInjectionDriver; C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2011-06-16] ()
R0 iZ3DShutterService; C:\Windows\System32\Drivers\iZ3DShutterService.sys [17464 2011-06-16] (iZ3D Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2014-11-23] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-07-11] (Intel Corporation)
S1 MpKsl5757cfdd; C:\Windows\system32\MpEngineStore\MpKsl5757cfdd.sys [44928 2016-08-10] (Microsoft Corporation)
S1 MpKsl63aa04b7; C:\Windows\system32\MpEngineStore\MpKsl63aa04b7.sys [44928 2016-10-12] (Microsoft Corporation)
S1 MpKslDrv; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [44928 2016-12-15] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-04-19] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2016-09-21] (/n software, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [33584 2016-01-25] (Windows ® Win 7 DDK provider)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-10-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-07] (Zemana Ltd.)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\SysWOW64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 546C81F238F084A393EC54114741A0A8
C:\Windows\System32\DRIVERS\srv2.sys 431D2B06E8F93EAEC53E8FA37FCFF2F1
C:\Windows\System32\DRIVERS\srvnet.sys 42EDAB3E3E8E25C7093674936C2DB4BD
C:\Windows\System32\DRIVERS\ssudmdm.sys F0B59ADCD06BCEB9D47311B7041CA2C9
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys 28B81917A195B67617AF7DCF4DFE5736
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys B626F048318DAE65A3317F0592BE592C
C:\Windows\system32\drivers\usbhub.sys 390109E8E05BA00375DCB1ED64DC60AF
C:\Windows\system32\drivers\usbohci.sys B4DF0F4C1D9D25DFE1DAD1D8670F1D4F
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys CFEAAF96E666E3DCBD8F6DFF516784AE
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vjoy.sys A0DBA1EA2C59D0DC533315AD3FA455B7
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vpnpbus.sys 11DAC3C5F902CCD99F7AD1CD70EB1F30
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\womic.sys 41BE9B8FEC63BADC3F6DF262CD350965
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-28 12:27 - 2017-08-28 12:30 - 000050441 _____ C:\Users\Dennis\Downloads\FRST.txt
2017-08-28 12:26 - 2017-08-28 12:26 - 002395648 _____ (Farbar) C:\Users\Dennis\Downloads\FRST64.exe
2017-08-28 11:31 - 2017-08-28 11:31 - 008185288 _____ (Malwarebytes) C:\Users\Dennis\Downloads\adwcleaner_7.0.1.0.exe
2017-08-26 09:03 - 2017-08-26 09:04 - 000005112 _____ C:\Users\Dennis\Downloads\fullMarketOrders.csv
2017-08-26 00:56 - 2017-08-26 03:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-25 03:54 - 2017-08-25 03:54 - 001214288 _____ ( ) C:\Users\Dennis\Downloads\hwmonitor_1.32.exe
2017-08-25 03:30 - 2017-08-25 03:30 - 016785991 _____ C:\Users\Dennis\Downloads\ccminer-x64-2.2.7z
2017-08-25 03:07 - 2017-08-25 03:07 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Dennis\Downloads\esetonlinescanner_enu (12).exe
2017-08-25 03:06 - 2017-08-28 02:51 - 000000000 ____D C:\Program Files\Magacoin
2017-08-25 03:06 - 2017-08-25 03:06 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magacoin Core
2017-08-25 03:00 - 2017-08-25 03:01 - 000000000 ____D C:\Users\Dennis\Downloads\maga
2017-08-25 02:59 - 2017-08-25 02:59 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Dennis\Downloads\esetonlinescanner_enu (11).exe
2017-08-24 05:12 - 2017-08-24 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-24 05:12 - 2017-08-24 05:12 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-24 05:11 - 2017-08-24 05:11 - 035772800 _____ (Adlice Software ) C:\Users\Dennis\Downloads\RogueKiller_setup_ref3.exe
2017-08-24 03:09 - 2017-08-24 03:09 - 000852798 _____ C:\Users\Dennis\Downloads\SecurityCheck.exe
2017-08-24 03:09 - 2017-08-24 03:09 - 000852798 _____ C:\Users\Dennis\Downloads\SecurityCheck (1).exe
2017-08-24 03:08 - 2017-08-24 03:08 - 000001023 _____ C:\Users\Public\Desktop\Unchecky.lnk
2017-08-24 03:08 - 2017-08-24 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2017-08-24 03:07 - 2017-08-24 03:08 - 000000000 ____D C:\ProgramData\Unchecky
2017-08-24 03:07 - 2017-08-24 03:08 - 000000000 ____D C:\Program Files (x86)\Unchecky
2017-08-24 03:07 - 2017-08-24 03:07 - 001359520 _____ (RaMMicHaeL) C:\Users\Dennis\Downloads\unchecky_setup.exe
2017-08-24 03:02 - 2017-08-24 03:02 - 000892416 _____ (Farbar) C:\Users\Dennis\Downloads\MiniToolBox (3).exe
2017-08-24 02:57 - 2017-08-24 02:59 - 000004476 _____ C:\TDSSKiller.3.1.0.15_24.08.2017_02.57.58_log.txt
2017-08-24 02:52 - 2017-08-24 02:52 - 000892416 _____ (Farbar) C:\Users\Dennis\Downloads\MiniToolBox (1).exe
2017-08-24 02:48 - 2017-08-24 02:48 - 008185288 _____ (Malwarebytes) C:\Users\Dennis\Downloads\AdwCleaner (1).exe
2017-08-24 01:40 - 2017-08-24 01:40 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Dennis\Downloads\mbar-1.09.3.1001.exe
2017-08-24 01:31 - 2017-08-24 01:36 - 000233304 _____ C:\TDSSKiller.3.1.0.15_24.08.2017_01.31.42_log.txt
2017-08-24 01:31 - 2017-08-24 01:31 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Dennis\Downloads\ieexplorer.exe.exe
2017-08-24 01:28 - 2017-08-24 01:28 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Dennis\Downloads\ieexplorer.exe (2).exe
2017-08-24 01:28 - 2017-08-24 01:28 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Dennis\Downloads\rkill (1)64.exe
2017-08-23 22:18 - 2017-08-24 02:50 - 000374920 _____ C:\Windows\ntbtlog.txt
2017-08-23 21:53 - 2017-08-23 21:53 - 000308768 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-23 21:36 - 2017-08-23 21:36 - 000068496 _____ C:\Users\Dennis\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-23 13:44 - 2017-08-23 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 11:55 - 2017-08-22 11:55 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-22 11:55 - 2017-08-22 11:55 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-22 11:55 - 2017-08-22 11:55 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-15 02:37 - 2017-08-15 02:37 - 000009327 _____ C:\Users\Dennis\Downloads\Rick.and.Morty.S03E03.HDTV.x264-BATV[rartv]-[rarbg.to].torrent
2017-08-15 01:24 - 2017-08-15 01:24 - 000044742 _____ C:\Users\Dennis\Downloads\Rick.and.Morty.S03E04.Vindicators.3.The.Return.of.Worldender.1080p.AMZN.WEBRip.DDP5.1.x264-QOQ[rartv]-[rarbg.to].torrent
2017-08-14 22:53 - 2017-08-14 22:53 - 000597020 _____ C:\Users\Dennis\Downloads\NeverSink-Filter-5.1.1.zip
2017-08-14 22:52 - 2017-08-14 22:52 - 000597131 _____ C:\Users\Dennis\Downloads\NeverSink-Filter-master.zip
2017-08-14 22:52 - 2017-08-14 22:52 - 000597131 _____ C:\Users\Dennis\Downloads\NeverSink-Filter-master (1).zip
2017-08-10 00:13 - 2017-08-10 00:18 - 947093327 _____ C:\Users\Dennis\Downloads\20XXHP 4.07++ Creator.zip
2017-08-10 00:12 - 2017-08-10 00:12 - 011439704 _____ C:\Users\Dennis\Downloads\20XX 4.06 to 4.07++ Replacement Files.zip
2017-08-09 23:39 - 2017-08-09 23:46 - 1035157115 _____ C:\Users\Dennis\Downloads\20XX 4.07++ Root Files.zip
2017-08-09 20:33 - 2017-08-09 20:33 - 000002133 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2017-08-09 20:33 - 2017-08-09 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2017-08-09 20:29 - 2017-08-09 20:29 - 013017672 _____ (Grinding Gear Games) C:\Users\Dennis\Downloads\PathOfExileInstaller (1).exe
2017-08-09 20:22 - 2017-08-09 20:22 - 013018968 _____ (Grinding Gear Games) C:\Users\Dennis\Downloads\PathOfExileInstaller.exe
2017-08-09 03:37 - 2017-07-29 09:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 03:37 - 2017-07-21 09:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-09 03:37 - 2017-07-21 09:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-09 03:37 - 2017-07-15 13:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 03:37 - 2017-07-15 12:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-09 03:37 - 2017-07-14 10:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 03:37 - 2017-07-14 10:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 03:37 - 2017-07-14 10:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 03:37 - 2017-07-14 10:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 03:37 - 2017-07-14 10:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-09 03:37 - 2017-07-14 10:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-09 03:37 - 2017-07-14 10:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-09 03:37 - 2017-07-14 09:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 03:37 - 2017-07-14 09:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-09 03:37 - 2017-07-14 09:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-09 03:37 - 2017-07-14 01:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 03:37 - 2017-07-14 01:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 03:37 - 2017-07-14 00:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 03:37 - 2017-07-14 00:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 03:37 - 2017-07-13 23:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 03:37 - 2017-07-13 23:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 03:37 - 2017-07-13 21:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-09 03:37 - 2017-07-13 21:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-09 03:37 - 2017-07-08 10:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 03:37 - 2017-07-08 10:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 03:37 - 2017-07-07 10:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-09 03:37 - 2017-07-07 10:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 03:37 - 2017-07-07 10:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-09 03:37 - 2017-07-07 10:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 03:37 - 2017-07-07 10:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 03:37 - 2017-07-07 10:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 03:37 - 2017-07-07 10:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 03:37 - 2017-07-07 10:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-09 03:37 - 2017-07-07 10:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 03:37 - 2017-07-07 10:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-09 03:37 - 2017-07-07 10:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-09 03:37 - 2017-07-07 10:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-09 03:37 - 2017-07-07 10:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-09 03:37 - 2017-07-07 10:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-09 03:37 - 2017-07-01 08:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-08-09 03:36 - 2017-07-21 09:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-09 03:36 - 2017-07-21 09:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 03:36 - 2017-07-14 10:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 03:36 - 2017-07-14 10:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 03:36 - 2017-07-14 10:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 03:36 - 2017-07-14 10:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 03:36 - 2017-07-14 10:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-09 03:36 - 2017-07-14 10:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-09 03:36 - 2017-07-14 10:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-09 03:36 - 2017-07-14 10:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 03:36 - 2017-07-14 09:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-09 03:36 - 2017-07-14 09:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-09 03:36 - 2017-07-14 02:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 03:36 - 2017-07-14 02:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 03:36 - 2017-07-14 01:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 03:36 - 2017-07-14 01:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 03:36 - 2017-07-14 01:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 03:36 - 2017-07-14 01:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 03:36 - 2017-07-14 01:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 03:36 - 2017-07-14 01:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 03:36 - 2017-07-14 01:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 03:36 - 2017-07-14 01:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 03:36 - 2017-07-14 01:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 03:36 - 2017-07-14 01:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 03:36 - 2017-07-14 01:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 03:36 - 2017-07-14 01:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 03:36 - 2017-07-14 01:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 03:36 - 2017-07-14 01:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 03:36 - 2017-07-14 00:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 03:36 - 2017-07-14 00:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 03:36 - 2017-07-14 00:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 03:36 - 2017-07-14 00:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 03:36 - 2017-07-14 00:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 03:36 - 2017-07-14 00:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 03:36 - 2017-07-14 00:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 03:36 - 2017-07-14 00:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 03:36 - 2017-07-14 00:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 03:36 - 2017-07-14 00:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 03:36 - 2017-07-14 00:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 03:36 - 2017-07-13 23:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 03:36 - 2017-07-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 03:36 - 2017-07-13 22:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-09 03:36 - 2017-07-13 21:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-09 03:36 - 2017-07-13 21:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-09 03:36 - 2017-07-13 21:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-09 03:36 - 2017-07-13 21:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-09 03:36 - 2017-07-13 21:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-09 03:36 - 2017-07-13 21:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-09 03:36 - 2017-07-13 21:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-09 03:36 - 2017-07-13 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-09 03:36 - 2017-07-13 21:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-09 03:36 - 2017-07-13 21:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-09 03:36 - 2017-07-13 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-09 03:36 - 2017-07-13 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-09 03:36 - 2017-07-13 21:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-09 03:36 - 2017-07-13 21:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 03:36 - 2017-07-13 21:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-09 03:36 - 2017-07-13 21:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-09 03:36 - 2017-07-13 21:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-09 03:36 - 2017-07-13 21:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-09 03:36 - 2017-07-13 21:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-09 03:36 - 2017-07-13 21:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-09 03:36 - 2017-07-13 21:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-09 03:36 - 2017-07-13 21:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-09 03:36 - 2017-07-13 21:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-09 03:36 - 2017-07-13 21:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-09 03:36 - 2017-07-13 21:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-09 03:36 - 2017-07-13 20:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-09 03:36 - 2017-07-13 20:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-09 03:36 - 2017-07-13 20:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-09 03:36 - 2017-07-07 10:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 10:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 03:36 - 2017-07-07 10:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 03:36 - 2017-07-07 10:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 03:36 - 2017-07-07 10:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 03:36 - 2017-07-07 09:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-09 03:36 - 2017-07-07 09:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 03:36 - 2017-07-07 09:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 03:36 - 2017-07-07 09:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 03:36 - 2017-07-07 09:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 03:36 - 2017-07-07 09:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 03:36 - 2017-07-07 09:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 03:36 - 2017-07-07 09:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-09 03:36 - 2017-07-07 09:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-09 03:36 - 2017-07-07 09:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-09 03:36 - 2017-07-07 09:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-09 03:36 - 2017-07-07 09:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-09 03:36 - 2017-07-07 09:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-09 03:36 - 2017-07-07 09:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 09:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 09:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 03:36 - 2017-07-07 09:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-08 19:28 - 2017-08-08 19:28 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 10:59 - 2017-08-08 11:14 - 376066457 _____ C:\Users\Dennis\Downloads\Elements-Of-Style-Version-1.5.rar
2017-08-08 10:43 - 2017-08-08 10:43 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Dennis\Downloads\esetonlinescanner_enu (10).exe
2017-08-02 14:24 - 2017-08-02 14:24 - 000001638 _____ C:\Users\Public\Desktop\Grim Dawn.lnk
2017-08-02 14:13 - 2017-08-02 14:14 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Dennis\Downloads\esetonlinescanner_enu (9).exe
2017-08-01 12:05 - 2017-08-01 12:05 - 021753353 _____ C:\Users\Dennis\Downloads\Project64kVE.zip
2017-08-01 12:04 - 2017-08-01 12:04 - 002391732 _____ ( ) C:\Users\Dennis\Downloads\Setup Project64 v2.3.2-202-g57a221e.exe
2017-07-30 15:21 - 2017-07-30 17:37 - 1130402081 _____ C:\Users\Dennis\Documents\Mumble-2017-07-30-15-15-15-149.210.187.155-Mixdown.wav
2017-07-29 19:27 - 2017-07-29 19:27 - 006144523 _____ C:\Users\Dennis\Downloads\FM-v5.7-BETA.7z
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-28 12:28 - 2016-05-11 21:19 - 001042115 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-08-28 12:28 - 2016-05-11 21:19 - 001038645 _____ C:\Windows\ZAM.krnl.trace
2017-08-28 12:27 - 2014-03-22 02:38 - 000000000 ____D C:\FRST
2017-08-28 12:25 - 2016-07-11 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-28 11:43 - 2016-03-20 23:21 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-28 11:39 - 2012-10-03 11:06 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-08-28 11:33 - 2014-01-16 10:22 - 000000000 ____D C:\AdwCleaner
2017-08-28 10:13 - 2015-05-15 12:44 - 000000000 ___HD C:\Users\Dennis\AppData\Local\CrashDumps
2017-08-28 08:25 - 2012-08-07 21:39 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-28 04:48 - 2009-07-13 23:45 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-28 04:48 - 2009-07-13 23:45 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-28 00:43 - 2016-03-20 23:21 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-26 08:03 - 2016-11-16 16:33 - 000000000 ____D C:\Users\Dennis\AppData\LocalLow\Mozilla
2017-08-26 03:54 - 2014-03-10 10:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-24 08:12 - 2016-04-24 19:50 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\discord
2017-08-24 05:13 - 2015-05-14 17:06 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-08-24 03:04 - 2017-01-31 18:15 - 000103070 _____ C:\Users\Dennis\Downloads\MTB.txt
2017-08-24 02:58 - 2016-07-13 21:54 - 000000865 ___SH C:\Windows\SysWOW64\mmf.sys
2017-08-24 02:58 - 2012-08-05 23:31 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-24 02:57 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-24 02:49 - 2015-07-11 19:17 - 000000000 ____D C:\ProgramData\IObit
2017-08-24 02:46 - 2015-07-14 21:02 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-24 01:51 - 2016-12-13 18:42 - 000003744 _____ C:\Users\Dennis\Desktop\Rkill.txt
2017-08-24 01:41 - 2014-09-21 22:16 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 01:41 - 2014-09-21 22:16 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-08-24 01:41 - 2014-06-11 19:39 - 000000000 ____D C:\Users\Dennis\Desktop\Classic games
2017-08-24 01:36 - 2015-04-17 01:54 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-08-24 01:24 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\ModemLogs
2017-08-23 21:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-08-23 21:48 - 2017-02-07 20:54 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2017-08-23 21:39 - 2012-12-02 00:05 - 000000000 ___RD C:\Users\Dennis\Dropbox
2017-08-23 21:32 - 2014-02-21 23:17 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
2017-08-23 21:16 - 2012-08-06 17:19 - 000000000 ____D C:\Users\Dennis\Documents\Vuze Downloads
2017-08-23 13:44 - 2016-03-20 23:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-21 00:30 - 2015-03-27 16:46 - 000000000 ____D C:\Users\Dennis\Desktop\MARIO 64 HD
2017-08-17 16:01 - 2014-03-04 09:56 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 16:00 - 2015-08-31 00:09 - 000003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1440997779
2017-08-17 16:00 - 2015-08-31 00:09 - 000000000 ____D C:\Program Files (x86)\Opera
2017-08-17 02:08 - 2015-04-20 22:52 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\tixati
2017-08-15 18:46 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2017-08-15 18:03 - 2009-07-14 00:13 - 000784326 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-13 03:00 - 2017-03-13 09:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-12 17:12 - 2016-05-11 21:22 - 000003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458766719
2017-08-10 00:05 - 2016-06-21 23:10 - 000000000 ____D C:\Users\Dennis\Desktop\dolphin 11
2017-08-09 20:32 - 2012-11-26 13:48 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-09 17:10 - 2012-08-05 23:31 - 001015880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-09 17:10 - 2012-08-05 23:31 - 000146704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-09 03:44 - 2016-11-20 16:16 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 03:07 - 2016-08-10 03:06 - 000000000 ____D C:\Windows\system32\MpEngineStore
2017-08-09 03:02 - 2013-07-20 03:00 - 000000000 ____D C:\Windows\system32\MRT
2017-08-09 03:02 - 2012-08-26 13:14 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-08 23:32 - 2013-01-26 19:48 - 000000000 ____D C:\Program Files (x86)\Grinding Gear Games
2017-08-08 19:28 - 2016-04-24 19:50 - 000002194 _____ C:\Users\Dennis\Desktop\Discord.lnk
2017-08-08 19:28 - 2016-04-24 19:50 - 000000000 ___HD C:\Users\Dennis\AppData\Local\Discord
2017-08-02 14:35 - 2012-08-07 00:39 - 000000000 ____D C:\Users\Dennis\Documents\My Games
2017-08-02 14:29 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-02 14:24 - 2015-03-26 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-08-02 14:18 - 2015-03-26 14:38 - 000000000 ____D C:\GOG Games
2017-08-01 17:13 - 2017-07-16 14:11 - 000000000 ____D C:\Users\Dennis\AppData\Roaming\Mumble
2017-08-01 12:05 - 2017-02-03 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project64 2.3
 
==================== Files in the root of some directories =======
 
2015-10-20 22:04 - 2015-10-24 19:49 - 000004608 ____H () C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-18 12:52 - 2017-06-18 12:52 - 000000063 _____ () C:\Users\Dennis\AppData\Local\emaildefaults
2017-06-19 02:05 - 2017-06-19 02:05 - 000000039 _____ () C:\Users\Dennis\AppData\Local\kritadisplayrc
2017-06-18 12:40 - 2017-06-19 02:05 - 000015883 _____ () C:\Users\Dennis\AppData\Local\kritarc
2016-12-02 15:43 - 2016-12-02 16:07 - 000000600 ____H () C:\Users\Dennis\AppData\Local\PUTTY.RND
2015-07-11 11:57 - 2015-07-11 11:57 - 000000017 ____H () C:\Users\Dennis\AppData\Local\resmon.resmoncfg
2016-12-05 21:45 - 2016-11-23 08:37 - 000000570 ____H () C:\Users\Dennis\AppData\Local\TroubleshooterConfig.json
2016-01-02 17:26 - 2016-01-02 17:26 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-02-07 20:45 - 2017-02-07 20:45 - 000000016 _____ () C:\ProgramData\mntemp
2017-02-07 20:45 - 2017-02-07 20:45 - 000005054 _____ () C:\ProgramData\mudtcpaz.vzs
2016-12-15 03:48 - 2017-01-11 16:17 - 000012202 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 03:48 - 2016-12-15 03:48 - 000002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2012-08-17 13:34 - 2012-08-17 13:34 - 000001534 _____ () C:\ProgramData\ss.ini
 
Some files in TEMP:
====================
2017-08-24 05:12 - 2017-07-07 10:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Dennis\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3a9fd8dc-df22-11e1-b9ac-d3b615bae63e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {3a9fd8d6-df22-11e1-b9ac-d3b615bae63e}
device                  ramdisk=[C:]\Recovery\3a9fd8d6-df22-11e1-b9ac-d3b615bae63e\Winre.wim,{3a9fd8d7-df22-11e1-b9ac-d3b615bae63e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3a9fd8d6-df22-11e1-b9ac-d3b615bae63e\Winre.wim,{3a9fd8d7-df22-11e1-b9ac-d3b615bae63e}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3a9fd8de-df22-11e1-b9ac-d3b615bae63e}
recoveryenabled         Yes
testsigning             No
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3a9fd8dc-df22-11e1-b9ac-d3b615bae63e}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {3a9fd8de-df22-11e1-b9ac-d3b615bae63e}
device                  ramdisk=[C:]\Recovery\3a9fd8de-df22-11e1-b9ac-d3b615bae63e\Winre.wim,{3a9fd8df-df22-11e1-b9ac-d3b615bae63e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3a9fd8de-df22-11e1-b9ac-d3b615bae63e\Winre.wim,{3a9fd8df-df22-11e1-b9ac-d3b615bae63e}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {3a9fd8dc-df22-11e1-b9ac-d3b615bae63e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3a9fd8d7-df22-11e1-b9ac-d3b615bae63e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3a9fd8d6-df22-11e1-b9ac-d3b615bae63e\boot.sdi
 
Device options
--------------
identifier              {3a9fd8df-df22-11e1-b9ac-d3b615bae63e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3a9fd8de-df22-11e1-b9ac-d3b615bae63e\boot.sdi
 
 
LastRegBack: 2017-08-21 05:19
 
==================== End of FRST.txt ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 29 August 2017 - 07:49 AM

Hi,

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\searchplugins\google-avast.xml [2015-04-21]
FF SearchPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\bsfz3rn2.default\searchplugins\yahoo-avast.xml [2016-12-13]
FF HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch","hxxps://www.google.com/?trackid=sp-006"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKU\S-1-5-21-3073701067-1518990160-3154203008-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and include the Addition.txt log created by the Farbar program.

Let me know what problem persists.

#8 nasdaq


Posted 04 September 2017 - 08:14 AM

Are you still with me?

#9 grungegrunge


Posted 04 September 2017 - 09:56 AM

SORRY, I keep getting busy. I am going to do this today.



#10 grungegrunge


Posted 19 September 2017 - 02:27 AM

More viruses just appeared. I am going to do RogueKiller again.



#11 grungegrunge


Posted 19 September 2017 - 02:45 AM

THEY ARE BACK, THE SAME ONES

I NEED HELP

AHHHHHHHHHHHHHHHH SHOULD I DO THE SAME THING OVER AGAIN?

I'LL SEND YOU THE NEW LOG, THERE IS MORE



#12 grungegrunge


Posted 19 September 2017 - 02:53 AM

Scanning right now

I will give log when I get up

Computer was perfect when I used the tool

But something keeps on giving me more bleep

Something sinister



#13 nasdaq


Posted 19 September 2017 - 06:51 AM


This is not being removed by the AdwCleaner program.

PUP.Optional.InfoG, [Key] - HKLM\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:

DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

But something keeps on giving me more bleep

What exactly are these bleeps?

Post a fresh RogueKiller log for my review.



