"The requested resource is in use"


  • This topic is locked
10 replies to this topic

#1 dt08

Posted 27 August 2017 - 04:10 AM

I've been through almost all articles and forums for this but I can't seem to get rid of this thing. I can't run any sort of malware program including rootkit. I even burned a disk with Kaspersky's Rescue Disk and it found only one trojan which I quarantined, but the problem persists. I can't open Windows Defender and the problem is still present in Safe Mode and I'm really at a loss what to do now.

 

Edit: I found the top post solution for this, but I've tried 3 different USBs in every USB port I have and they're not showing up under Computer, so now I'm even more lost.


Edited by dt08, 27 August 2017 - 04:39 AM.




#2 JSntgRvr

  • Malware Response Team

Posted 27 August 2017 - 09:04 AM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 dt08


Posted 27 August 2017 - 01:58 PM

As requested, the two .txt files! 




#4 JSntgRvr


Posted 27 August 2017 - 03:09 PM

Please remove the following programs:

ShutdownTime version 1.0
SwytShop version 1.0

 

 

  • Highlight the entire content of the quote box below.

Start::  
S2 3ad54cfaedaf5ce654ce12160be6eeb2; "C:\Program Files\3ad54cfaedaf5ce654ce12160be6eeb2\27e7a4519cfbdb4892d9d0ab8eb7b457.exe" [X]
C:\Program Files\3ad54cfaedaf5ce654ce12160be6eeb2
FirewallRules: [{D1C23E9B-F6DE-42BE-A73F-A441FC2C0E74}] => (Allow) LPort=2869
FirewallRules: [{67566505-010A-4751-BCAB-A037B0738083}] => (Allow) LPort=1900
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2199958151-3503539799-115655472-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {1F77D3C7-79FF-4C7F-89BB-020D1F688525} - System32\Tasks\3ad54cfaedaf5ce654ce12160be6eeb2 => sc start 3ad54cfaedaf5ce654ce12160be6eeb2 <==== ATTENTION
Task: {4477D551-21EF-4A05-A865-B93722B21946} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe <==== ATTENTION
Task: {48172713-67D2-47CE-955E-275C734B251F} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe <==== ATTENTION
Task: {7BBFC0EA-2674-411B-9B62-106018C3F65B} - System32\Tasks\{080D0B47-0504-0478-7811-040A78791108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAA7ACAAIAAgACAAIAA7ACAAIAAgACAAIAAgACAAIAA7ACAAIAAgACAAIAA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 10044 more characters). <==== ATTENTION
Task: {9CA2C971-9036-46C3-85F3-7E3A486BC7B5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {D7EF7B7E-E416-4EA0-914B-BA07FC438F5A} - System32\Tasks\SystemHealer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
Task: {E596DE58-2FBE-43B4-867D-32122BD6B89F} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (No File)
C:\Users\Mike's DT\AppData\Local\ntuserlitelist
C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node
FirewallRules: [{6561EE4A-FD04-4E97-B255-728AC3962A7E}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1AF5\HPDiagnosticCoreUI.exe
FirewallRules: [{078A9C6B-730A-475E-95E3-B906DA8CFC41}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1AF5\HPDiagnosticCoreUI.exe
FirewallRules: [{FCBB8CFE-4E51-49C8-823B-923843E3CBEB}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1E49\HPDiagnosticCoreUI.exe
FirewallRules: [{C3E91A58-0B83-4698-8D63-A81DB8D3EE5F}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1E49\HPDiagnosticCoreUI.exe
FirewallRules: [{0849C863-611E-49D4-8636-826BA6B7C815}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS2E62\HPDiagnosticCoreUI.exe
FirewallRules: [{8EDDB90A-B72B-4458-A14A-7C0E72E27862}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS2E62\HPDiagnosticCoreUI.exe
2017-08-27 10:46 - 2017-08-27 10:46 - 000148992 _____ () \\?\C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node
2017-08-05 10:53 - 2017-08-05 10:53 - 002768896 ____N C:\Windows\system32\mstbvje.exe
2017-07-31 22:13 - 2017-07-31 22:13 - 000429568 ____N C:\Windows\system32\ravcpdkz.exe
2017-07-01 07:37 - 2017-07-03 09:21 - 000004551 _____ () C:\Users\Mike's DT\AppData\Roaming\VoiceMeeterDefault.xml
2017-08-13 14:35 - 2017-08-13 14:35 - 000013079 ____H () C:\Users\Mike's DT\AppData\Local\recently-used.xbel
2012-09-10 04:49 - 2012-09-10 04:49 - 000001050 ____H () C:\Users\Mike's DT\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
C:\Users\Mike's DT\AppData\Local\llssoft
C:\Windows\svchost.exe
C:\Users\Mike's DT\ccsetup522.exe
C:\Users\Mike's DT\gimp-2.8.22-setup.exe
C:\Users\Mike's DT\HPPSdr.exe
C:\Users\Mike's DT\SteamSetup.exe
C:\Users\Mike's DT\vlc-2.2.4-win32.exe
C:\Users\Mike's DT\wlsetup-web.exe
2017-08-27 00:29 - 2017-08-27 00:29 - 000374181 _____ (WeMonetize                                                  ) C:\Users\Mike's DT\AppData\Local\Temp\BLCLDL7.exe
2017-08-26 23:54 - 2017-08-26 23:54 - 000079904 _____ () C:\Users\Mike's DT\AppData\Local\Temp\i4jdel0.exe
2017-08-11 23:46 - 2017-08-03 16:00 - 005025400 _____ (NVIDIA Corporation) C:\Users\Mike's DT\AppData\Local\Temp\NVI2_29.DLL
2017-08-27 00:28 - 2017-08-27 00:28 - 002461008 _____ () C:\Users\Mike's DT\AppData\Local\Temp\ok_vk_1_ad_block.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 002476000 _____ (OneSystemCare                                               ) C:\Users\Mike's DT\AppData\Local\Temp\OneSystemCare.exe
2017-08-05 10:55 - 2017-08-05 10:55 - 000053248 _____ (http://www.beyondlogic.org) C:\Users\Mike's DT\AppData\Local\Temp\Process.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000097280 _____ () C:\Users\Mike's DT\AppData\Local\Temp\setup (1).exe
2017-08-27 00:28 - 2017-08-27 00:28 - 002175488 _____ () C:\Users\Mike's DT\AppData\Local\Temp\setup.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000491965 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\shutdowntime.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000235501 _____ () C:\Users\Mike's DT\AppData\Local\Temp\speedboostsetup.exe
2017-08-05 10:52 - 2017-08-05 10:52 - 000701952 _____ (SQLite Development Team) C:\Users\Mike's DT\AppData\Local\Temp\sqlite3.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000851682 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\weatherinspect.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 003727959 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\Yeadesktop.exe
Folder: C:\Windows\System32\drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 


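The fixlist above includes a scheduled task that starts PowerShell with -EncodedCommand, and FRST prints only the first part of the Base64 value. As an added example (not part of the original post and not FRST's own code), this Python script picks such Task lines out of a fixlist and decodes the visible prefix as UTF-16LE, the encoding PowerShell expects for that parameter. The function names and flag patterns are assumptions made for the illustration; the sample lines are copied from the fixlist on this page.

```python
import base64
import binascii
import re

# Task lines copied from the fixlist on this page (sample input for the example).
SAMPLE_FIXLIST = r"""
Task: {1F77D3C7-79FF-4C7F-89BB-020D1F688525} - System32\Tasks\3ad54cfaedaf5ce654ce12160be6eeb2 => sc start 3ad54cfaedaf5ce654ce12160be6eeb2 <==== ATTENTION
Task: {7BBFC0EA-2674-411B-9B62-106018C3F65B} - System32\Tasks\{080D0B47-0504-0478-7811-040A78791108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAA7ACAAIAAgACAAIAA7ACAAIAAgACAAIAAgACAAIAA7ACAAIAAgACAAIAA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 10044 more characters). <==== ATTENTION
Task: {9CA2C971-9036-46C3-85F3-7E3A486BC7B5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
"""

# "Task: {GUID} - <task path> => <command> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+?)(?: <==== ATTENTION)?$"
)
# Any "-e..." parameter followed by a Base64-looking value; the name is checked below.
PARAM_RE = re.compile(r"(?<!\S)-(e[a-z]*)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# FRST's marker that the value was cut short in the log.
TRUNC_RE = re.compile(r"\(the data entry has (\d+) more characters\)")
# Launch options that hide the run from the user (patterns are assumptions).
HIDING_FLAGS = {
    "executionpolicy bypass": re.compile(r"-e(?:x\w*|p)\s+bypass", re.IGNORECASE),
    "hidden window": re.compile(r"-w\w*\s+hidden", re.IGNORECASE),
    "noninteractive": re.compile(r"-noni\w*", re.IGNORECASE),
}


def decode_prefix(b64):
    """Decode a possibly truncated -EncodedCommand value; None if not Base64."""
    b64 = b64[: len(b64) - len(b64) % 4]        # drop an incomplete 4-char group
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return None
    raw = raw[: len(raw) - len(raw) % 2]        # keep whole UTF-16 code units
    return raw.decode("utf-16-le", errors="replace")


def is_encoded_command(name):
    """PowerShell accepts -ec and any prefix of -EncodedCommand."""
    name = name.lower()
    return name == "ec" or "encodedcommand".startswith(name)


def triage(fixlist_text):
    """Return one finding per Task line that runs PowerShell with an encoded command."""
    findings = []
    for line in fixlist_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, task, command = m.groups()
        if "powershell" not in command.lower():
            continue
        for p in PARAM_RE.finditer(command):
            if not is_encoded_command(p.group(1)):
                continue
            trunc = TRUNC_RE.search(command)
            findings.append({
                "guid": guid,
                "task": task,
                "flags": [n for n, rx in HIDING_FLAGS.items() if rx.search(command)],
                "missing_chars": int(trunc.group(1)) if trunc else 0,
                "decoded_prefix": decode_prefix(p.group(2)),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FIXLIST):
        print(f["guid"], f["task"])
        print("  flags:", ", ".join(f["flags"]))
        print("  truncated by:", f["missing_chars"], "characters")
        print("  decoded prefix:", repr(f["decoded_prefix"]))
```

Only the prefix shown in the log can be decoded this way; the remaining 10044 characters were not posted.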


#5 dt08


Posted 27 August 2017 - 03:50 PM

Unfortunately, I am unable to remove those programs. I know they've been there; however, I cannot locate ShutdownTime version 1.0, and when I try to uninstall SwytShop version 1.0, it tells me I did not finish the Captcha challenge, but it doesn't show up. I ran the Fixer, however, and this is the Fixlog.txt content:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Mike's DT (27-08-2017 13:25:52) Run:1
Running from C:\Users\Mike's DT\stuskfsdl
Loaded Profiles: Mike's DT (Available Profiles: Mike's DT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
S2 3ad54cfaedaf5ce654ce12160be6eeb2; "C:\Program Files\3ad54cfaedaf5ce654ce12160be6eeb2\27e7a4519cfbdb4892d9d0ab8eb7b457.exe" [X]
C:\Program Files\3ad54cfaedaf5ce654ce12160be6eeb2
FirewallRules: [{D1C23E9B-F6DE-42BE-A73F-A441FC2C0E74}] => (Allow) LPort=2869
FirewallRules: [{67566505-010A-4751-BCAB-A037B0738083}] => (Allow) LPort=1900
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2199958151-3503539799-115655472-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
Task: {1F77D3C7-79FF-4C7F-89BB-020D1F688525} - System32\Tasks\3ad54cfaedaf5ce654ce12160be6eeb2 => sc start 3ad54cfaedaf5ce654ce12160be6eeb2 <==== ATTENTION
Task: {4477D551-21EF-4A05-A865-B93722B21946} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe <==== ATTENTION
Task: {48172713-67D2-47CE-955E-275C734B251F} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe <==== ATTENTION
Task: {7BBFC0EA-2674-411B-9B62-106018C3F65B} - System32\Tasks\{080D0B47-0504-0478-7811-040A78791108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAA7ACAAIAAgACAAIAA7ACAAIAAgACAAIAAgACAAIAA7ACAAIAAgACAAIAA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsA (the data entry has 10044 more characters). <==== ATTENTION
Task: {9CA2C971-9036-46C3-85F3-7E3A486BC7B5} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {D7EF7B7E-E416-4EA0-914B-BA07FC438F5A} - System32\Tasks\SystemHealer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== ATTENTION
Task: {E596DE58-2FBE-43B4-867D-32122BD6B89F} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== ATTENTION
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (No File)
C:\Users\Mike's DT\AppData\Local\ntuserlitelist
C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node
FirewallRules: [{6561EE4A-FD04-4E97-B255-728AC3962A7E}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1AF5\HPDiagnosticCoreUI.exe
FirewallRules: [{078A9C6B-730A-475E-95E3-B906DA8CFC41}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1AF5\HPDiagnosticCoreUI.exe
FirewallRules: [{FCBB8CFE-4E51-49C8-823B-923843E3CBEB}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1E49\HPDiagnosticCoreUI.exe
FirewallRules: [{C3E91A58-0B83-4698-8D63-A81DB8D3EE5F}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS1E49\HPDiagnosticCoreUI.exe
FirewallRules: [{0849C863-611E-49D4-8636-826BA6B7C815}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS2E62\HPDiagnosticCoreUI.exe
FirewallRules: [{8EDDB90A-B72B-4458-A14A-7C0E72E27862}] => (Allow) C:\Users\Mike's DT\AppData\Local\Temp\7zS2E62\HPDiagnosticCoreUI.exe
2017-08-27 10:46 - 2017-08-27 10:46 - 000148992 _____ () \\?\C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node
2017-08-05 10:53 - 2017-08-05 10:53 - 002768896 ____N C:\Windows\system32\mstbvje.exe
2017-07-31 22:13 - 2017-07-31 22:13 - 000429568 ____N C:\Windows\system32\ravcpdkz.exe
2017-07-01 07:37 - 2017-07-03 09:21 - 000004551 _____ () C:\Users\Mike's DT\AppData\Roaming\VoiceMeeterDefault.xml
2017-08-13 14:35 - 2017-08-13 14:35 - 000013079 ____H () C:\Users\Mike's DT\AppData\Local\recently-used.xbel
2012-09-10 04:49 - 2012-09-10 04:49 - 000001050 ____H () C:\Users\Mike's DT\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
C:\Users\Mike's DT\AppData\Local\llssoft
C:\Windows\svchost.exe
C:\Users\Mike's DT\ccsetup522.exe
C:\Users\Mike's DT\gimp-2.8.22-setup.exe
C:\Users\Mike's DT\HPPSdr.exe
C:\Users\Mike's DT\SteamSetup.exe
C:\Users\Mike's DT\vlc-2.2.4-win32.exe
C:\Users\Mike's DT\wlsetup-web.exe
2017-08-27 00:29 - 2017-08-27 00:29 - 000374181 _____ (WeMonetize                                                  ) C:\Users\Mike's DT\AppData\Local\Temp\BLCLDL7.exe
2017-08-26 23:54 - 2017-08-26 23:54 - 000079904 _____ () C:\Users\Mike's DT\AppData\Local\Temp\i4jdel0.exe
2017-08-11 23:46 - 2017-08-03 16:00 - 005025400 _____ (NVIDIA Corporation) C:\Users\Mike's DT\AppData\Local\Temp\NVI2_29.DLL
2017-08-27 00:28 - 2017-08-27 00:28 - 002461008 _____ () C:\Users\Mike's DT\AppData\Local\Temp\ok_vk_1_ad_block.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 002476000 _____ (OneSystemCare                                               ) C:\Users\Mike's DT\AppData\Local\Temp\OneSystemCare.exe
2017-08-05 10:55 - 2017-08-05 10:55 - 000053248 _____ (http://www.beyondlogic.org) C:\Users\Mike's DT\AppData\Local\Temp\Process.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000097280 _____ () C:\Users\Mike's DT\AppData\Local\Temp\setup (1).exe
2017-08-27 00:28 - 2017-08-27 00:28 - 002175488 _____ () C:\Users\Mike's DT\AppData\Local\Temp\setup.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000491965 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\shutdowntime.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000235501 _____ () C:\Users\Mike's DT\AppData\Local\Temp\speedboostsetup.exe
2017-08-05 10:52 - 2017-08-05 10:52 - 000701952 _____ (SQLite Development Team) C:\Users\Mike's DT\AppData\Local\Temp\sqlite3.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 000851682 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\weatherinspect.exe
2017-08-27 00:28 - 2017-08-27 00:28 - 003727959 _____ (                                                            ) C:\Users\Mike's DT\AppData\Local\Temp\Yeadesktop.exe
Folder: C:\Windows\System32\drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\System\CurrentControlSet\Services\3ad54cfaedaf5ce654ce12160be6eeb2 => key removed successfully
3ad54cfaedaf5ce654ce12160be6eeb2 => service removed successfully
"C:\Program Files\3ad54cfaedaf5ce654ce12160be6eeb2" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1C23E9B-F6DE-42BE-A73F-A441FC2C0E74} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67566505-010A-4751-BCAB-A037B0738083} => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-2199958151-3503539799-115655472-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1F77D3C7-79FF-4C7F-89BB-020D1F688525} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F77D3C7-79FF-4C7F-89BB-020D1F688525} => key removed successfully
C:\Windows\System32\Tasks\3ad54cfaedaf5ce654ce12160be6eeb2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3ad54cfaedaf5ce654ce12160be6eeb2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4477D551-21EF-4A05-A865-B93722B21946} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4477D551-21EF-4A05-A865-B93722B21946} => key removed successfully
C:\Windows\System32\Tasks\WebDiscover Browser Launch Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Launch Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48172713-67D2-47CE-955E-275C734B251F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48172713-67D2-47CE-955E-275C734B251F} => key removed successfully
C:\Windows\System32\Tasks\WebDiscover Browser Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BBFC0EA-2674-411B-9B62-106018C3F65B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BBFC0EA-2674-411B-9B62-106018C3F65B} => key removed successfully
C:\Windows\System32\Tasks\{080D0B47-0504-0478-7811-040A78791108} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{080D0B47-0504-0478-7811-040A78791108} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CA2C971-9036-46C3-85F3-7E3A486BC7B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CA2C971-9036-46C3-85F3-7E3A486BC7B5} => key removed successfully
C:\Windows\System32\Tasks\SystemHealer Run Delay => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7EF7B7E-E416-4EA0-914B-BA07FC438F5A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7EF7B7E-E416-4EA0-914B-BA07FC438F5A} => key removed successfully
C:\Windows\System32\Tasks\SystemHealer Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E596DE58-2FBE-43B4-867D-32122BD6B89F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E596DE58-2FBE-43B4-867D-32122BD6B89F} => key removed successfully
C:\Windows\System32\Tasks\SystemHealer Monitor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk" => Could not move.
 
"C:\Users\Mike's DT\AppData\Local\ntuserlitelist" folder move:
 
Could not move "C:\Users\Mike's DT\AppData\Local\ntuserlitelist" => Scheduled to move on reboot.
 
C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6561EE4A-FD04-4E97-B255-728AC3962A7E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{078A9C6B-730A-475E-95E3-B906DA8CFC41} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCBB8CFE-4E51-49C8-823B-923843E3CBEB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3E91A58-0B83-4698-8D63-A81DB8D3EE5F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0849C863-611E-49D4-8636-826BA6B7C815} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8EDDB90A-B72B-4458-A14A-7C0E72E27862} => value removed successfully
"C:\Users\Mike's DT\AppData\Local\Temp\D87E.tmp.node" => not found.
Could not move "C:\Windows\system32\mstbvje.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ravcpdkz.exe" => Scheduled to move on reboot.
C:\Users\Mike's DT\AppData\Roaming\VoiceMeeterDefault.xml => moved successfully
C:\Users\Mike's DT\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Mike's DT\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07} => moved successfully
 
"C:\Users\Mike's DT\AppData\Local\llssoft" folder move:
 
Could not move "C:\Users\Mike's DT\AppData\Local\llssoft" => Scheduled to move on reboot.
 
C:\Windows\svchost.exe => moved successfully
C:\Users\Mike's DT\ccsetup522.exe => moved successfully
C:\Users\Mike's DT\gimp-2.8.22-setup.exe => moved successfully
C:\Users\Mike's DT\HPPSdr.exe => moved successfully
C:\Users\Mike's DT\SteamSetup.exe => moved successfully
C:\Users\Mike's DT\vlc-2.2.4-win32.exe => moved successfully
C:\Users\Mike's DT\wlsetup-web.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\BLCLDL7.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\i4jdel0.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\NVI2_29.DLL => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\ok_vk_1_ad_block.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\OneSystemCare.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\Process.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\setup (1).exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\shutdowntime.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\speedboostsetup.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\sqlite3.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\weatherinspect.exe => moved successfully
C:\Users\Mike's DT\AppData\Local\Temp\Yeadesktop.exe => moved successfully
 
========================= Folder: C:\Windows\System32\drivers ========================
 
2017-06-26 08:10 - 2017-03-10 08:55 - 000195584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\exfat.sys
2017-06-26 08:10 - 2017-03-10 08:55 - 000205312 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fastfat.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fdc.sys
2009-07-13 16:34 - 2009-07-13 18:47 - 000070224 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fileinfo.sys
2009-07-13 16:25 - 2009-07-13 16:25 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\drivers\filetrace.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\flpydisk.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000289664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fltMgr.sys
2016-09-10 05:34 - 2012-02-29 23:46 - 000023408 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fs_rec.sys
2009-07-13 16:26 - 2009-07-13 18:47 - 000055376 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fsdepends.sys
2016-09-10 05:31 - 2013-01-23 23:01 - 000223752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\fvevol.sys
2017-07-12 08:32 - 2017-05-29 21:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\FWPKCLNT.SYS
2009-07-13 16:38 - 2009-07-13 18:47 - 000065088 _____ (Microsoft Corporation) C:\Windows\System32\drivers\GAGP30KX.SYS
2009-06-10 13:30 - 2009-06-10 13:30 - 003440660 _____ () C:\Windows\System32\drivers\gm.dls
2009-07-13 15:13 - 2009-06-10 13:30 - 000000646 _____ () C:\Windows\System32\drivers\gmreadme.txt
2009-07-13 15:53 - 2009-06-10 13:31 - 000031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\drivers\hcw85cir.sys
2016-09-05 12:01 - 2010-11-20 03:43 - 000122368 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hdaudbus.sys
2016-09-05 12:01 - 2010-11-20 03:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\HdAudio.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidbatt.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidbth.sys
2016-09-10 05:33 - 2013-07-02 21:05 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidclass.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000046592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidir.sys
2016-09-05 19:17 - 2014-08-06 11:15 - 000014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\hidkmdf.sys
2016-09-10 05:33 - 2013-07-02 21:05 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidparse.sys
2016-09-05 12:01 - 2010-11-20 03:43 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hidusb.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000078720 _____ (Hewlett-Packard Company) C:\Windows\System32\drivers\HpSAMD.sys
2017-07-12 08:32 - 2017-06-15 13:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\System32\drivers\http.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000014720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\hwpolicy.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000105472 _____ (Microsoft Corporation) C:\Windows\System32\drivers\i8042prt.sys
2016-09-11 11:24 - 2011-03-10 23:41 - 000410496 _____ (Intel Corporation) C:\Windows\System32\drivers\iaStorV.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\drivers\iirsp.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000016960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\intelide.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\intelppm.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000082944 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ipfltdrv.sys
2016-09-05 12:01 - 2010-11-20 03:04 - 000078848 _____ (Microsoft Corporation) C:\Windows\System32\drivers\IPMIDrv.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ipnat.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000120320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\irda.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\drivers\irenum.sys
2009-07-13 16:31 - 2009-07-13 18:48 - 000020544 _____ (Microsoft Corporation) C:\Windows\System32\drivers\isapnp.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000050768 _____ (Microsoft Corporation) C:\Windows\System32\drivers\kbdclass.sys
2016-09-05 12:01 - 2010-11-20 03:33 - 000033280 _____ (Microsoft Corporation) C:\Windows\System32\drivers\kbdhid.sys
2016-09-05 12:01 - 2010-11-20 03:33 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ks.sys
2017-08-08 12:08 - 2017-07-07 08:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksecdd.sys
2017-08-08 12:08 - 2017-07-07 08:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksecpkg.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000020992 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ksthunk.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000060928 _____ (Microsoft Corporation) C:\Windows\System32\drivers\lltdio.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000114752 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_fc.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000106560 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_sas.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000065600 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_sas2.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000115776 _____ (LSI Corporation) C:\Windows\System32\drivers\lsi_scsi.sys
2009-07-13 16:26 - 2009-07-13 16:26 - 000113152 _____ (Microsoft Corporation) C:\Windows\System32\drivers\luafv.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mcd.sys
2009-06-10 13:37 - 2009-07-13 18:48 - 000035392 _____ (LSI Corporation) C:\Windows\System32\drivers\megasas.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000284736 _____ (LSI Corporation, Inc.) C:\Windows\System32\drivers\MegaSR.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000040448 _____ (Microsoft Corporation) C:\Windows\System32\drivers\modem.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\monitor.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000049216 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mouclass.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000031232 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mouhid.sys
2017-06-26 08:10 - 2017-05-07 08:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mountmgr.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000155008 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mpio.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000077312 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mpsdrv.sys
2016-10-12 02:49 - 2016-09-08 07:55 - 000142336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxdav.sys
2017-08-08 12:08 - 2017-07-07 07:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb.sys
2017-08-08 12:08 - 2017-07-07 07:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb10.sys
2017-08-08 12:08 - 2017-07-07 07:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000031104 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msahci.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000140672 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msdsm.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msfs.sys
2016-09-05 19:20 - 2016-09-05 19:20 - 000000000 ____H () C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
2016-09-05 19:20 - 2016-09-05 19:20 - 000000000 ____H () C:\Windows\System32\drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2016-09-05 10:10 - 2016-09-05 10:10 - 000000000 ____H () C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-09-07 20:39 - 2016-09-07 20:39 - 000000000 ____H () C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-09-10 05:33 - 2012-11-28 15:56 - 000000003 _____ () C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-09-11 03:22 - 2012-06-02 07:57 - 000000003 _____ () C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2009-07-13 17:06 - 2009-07-13 17:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mshidkmdf.sys
2013-07-06 13:26 - 2013-07-06 13:26 - 000065824 ____N () C:\Windows\System32\drivers\msidntfs.sys
2009-07-13 16:19 - 2009-07-13 18:48 - 000015424 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msisadrv.sys
2016-09-10 05:31 - 2014-02-03 19:35 - 000274880 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msiscsi.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000011136 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mskssrv.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mspclock.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000006784 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mspqm.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000366976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\msrpc.sys
2009-07-13 16:31 - 2009-07-13 18:48 - 000032320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mssmbios.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000008064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mstee.sys
2009-07-13 17:02 - 2009-07-13 17:02 - 000015360 _____ (Microsoft Corporation) C:\Windows\System32\drivers\MTConfig.sys
2009-07-13 16:23 - 2009-07-13 18:48 - 000060496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\mup.sys
2013-07-28 13:24 - 2013-07-28 13:24 - 000104736 ____N () C:\Windows\System32\drivers\ndirapbm.sys
2016-09-10 05:31 - 2015-10-12 21:57 - 000950720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndis.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000035328 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndiscap.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000024064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndistapi.sys
2016-09-05 12:01 - 2010-11-20 03:50 - 000056832 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndisuio.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000164352 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndiswan.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000057856 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ndproxy.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000044544 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netbios.sys
2016-09-10 05:31 - 2016-05-11 07:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netbt.sys
2017-07-12 08:32 - 2017-05-29 21:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\netio.sys
2010-04-07 12:14 - 2010-04-07 12:14 - 000446304 _____ (Ralink Technology, Corp.) C:\Windows\System32\drivers\netr6164.sys
2009-07-13 14:59 - 2009-07-13 18:48 - 000051264 _____ (IBM Corporation) C:\Windows\System32\drivers\nfrd960.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\drivers\npfs.sys
2009-07-13 16:21 - 2009-07-13 16:21 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\nsiproxy.sys
2017-07-12 08:32 - 2017-06-09 08:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ntfs.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000006144 _____ (Microsoft Corporation) C:\Windows\System32\drivers\null.sys
2009-07-13 16:38 - 2009-07-13 18:48 - 000122960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\NV_AGP.SYS
2017-08-03 16:00 - 2017-08-03 16:00 - 000227416 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
2017-08-03 16:00 - 2017-08-03 16:00 - 015491192 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvlddmkm.sys
2016-09-11 11:24 - 2011-03-10 23:41 - 000148352 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvraid.sys
2016-09-11 11:24 - 2011-03-10 23:41 - 000166272 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvstor.sys
2016-09-05 11:49 - 2016-08-25 16:28 - 000056376 _____ (NVIDIA Corporation) C:\Windows\System32\drivers\nvvad64v.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000318976 _____ (Microsoft Corporation) C:\Windows\System32\drivers\nwifi.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000072832 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ohci1394.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000131584 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pacer.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000097280 _____ (Microsoft Corporation) C:\Windows\System32\drivers\parport.sys
2016-09-10 05:32 - 2012-03-17 00:58 - 000075120 _____ (Microsoft Corporation) C:\Windows\System32\drivers\partmgr.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000184704 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pci.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000012352 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pciide.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000048720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pciidex.sys
2009-07-13 16:31 - 2009-07-13 18:45 - 000220752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pcmcia.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000050768 _____ (Microsoft Corporation) C:\Windows\System32\drivers\pcw.sys
2016-10-12 02:49 - 2016-06-14 10:11 - 000663552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\PEAuth.sys
2016-09-10 05:32 - 2015-12-08 11:12 - 000230400 _____ (Microsoft Corporation) C:\Windows\System32\drivers\portcls.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\drivers\processr.sys
2016-09-29 15:43 - 2012-06-22 03:01 - 000056336 ____N (Corel Corporation) C:\Windows\System32\drivers\PxHlpa64.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 001524816 _____ (QLogic Corporation) C:\Windows\System32\drivers\ql2300.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000128592 _____ (QLogic Corporation) C:\Windows\System32\drivers\ql40xx.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000046592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\qwavedrv.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000014848 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rasacd.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rasl2tp.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000092672 _____ (Microsoft Corporation) C:\Windows\System32\drivers\raspppoe.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000111104 _____ (Microsoft Corporation) C:\Windows\System32\drivers\raspptp.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000083968 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rassstp.sys
2016-09-05 12:01 - 2010-11-20 02:27 - 000309248 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdbss.sys
2009-07-13 17:17 - 2009-07-13 17:17 - 000024064 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpbus.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPCDD.sys
2016-09-05 12:01 - 2010-11-20 04:06 - 000165888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpdr.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000007680 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPENCDD.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000008192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RDPREFMP.sys
2017-08-11 23:47 - 2012-08-23 07:10 - 000019456 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpvideominiport.sys
2016-09-10 05:31 - 2014-07-16 18:21 - 000212480 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdpwd.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000213888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rdyboost.sys
2016-09-10 05:33 - 2015-11-05 02:53 - 000146944 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rmcast.sys
2016-09-10 05:33 - 2012-07-04 13:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\System32\drivers\RNDISMP.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rootmdm.sys
2009-07-13 17:08 - 2009-07-13 17:08 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\rspndr.sys
2009-03-01 23:05 - 2009-03-01 23:05 - 000187392 _____ (Realtek Corporation ) C:\Windows\System32\drivers\Rt64win7.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000103808 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sbp2port.sys
2016-09-05 12:01 - 2010-11-20 03:09 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\drivers\scfilter.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000171392 _____ (Microsoft Corporation) C:\Windows\System32\drivers\scsiport.sys
2009-07-13 19:36 - 2009-06-10 13:37 - 000023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\drivers\secdrv.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\serenum.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000094208 _____ (Microsoft Corporation) C:\Windows\System32\drivers\serial.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sermouse.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffdisk.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000013824 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffp_mmc.sys
2016-09-05 12:01 - 2010-11-20 03:34 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sffp_sd.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000016896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\sfloppy.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 000043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\drivers\sisraid2.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000080464 _____ (Silicon Integrated Systems) C:\Windows\System32\drivers\sisraid4.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000093184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\smb.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000020992 _____ (Microsoft Corporation) C:\Windows\System32\drivers\smclib.sys
2009-07-13 13:27 - 2009-07-13 18:45 - 000019008 _____ (Microsoft Corporation) C:\Windows\System32\drivers\spldr.sys
2009-06-10 13:48 - 2009-06-10 13:48 - 000426496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\spsys.sys
2017-06-26 08:10 - 2017-04-05 07:55 - 000460800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srv.sys
2017-06-26 08:10 - 2017-04-05 07:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srv2.sys
2017-06-26 08:10 - 2017-04-05 07:55 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\drivers\srvnet.sys
2009-07-13 14:59 - 2009-07-13 18:45 - 000024656 _____ (Promise Technology) C:\Windows\System32\drivers\stexstor.sys
2016-09-10 05:31 - 2014-02-03 19:35 - 000190912 _____ (Microsoft Corporation) C:\Windows\System32\drivers\storport.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000034688 _____ (Microsoft Corporation) C:\Windows\System32\drivers\storvsc.sys
2016-09-10 05:31 - 2015-04-10 20:19 - 000069888 _____ (Microsoft Corporation) C:\Windows\System32\drivers\stream.sys
2009-07-13 17:00 - 2009-07-13 18:45 - 000012496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\swenum.sys
2009-07-13 17:01 - 2009-07-13 17:01 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tape.sys
2017-07-12 08:32 - 2017-05-29 21:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tcpip.sys
2016-09-15 18:50 - 2016-07-07 08:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tcpipreg.sys
2016-09-05 12:01 - 2010-11-20 02:22 - 000026624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdi.sys
2009-07-13 17:16 - 2009-07-13 17:16 - 000015872 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdpipe.sys
2016-09-10 05:14 - 2012-02-16 21:57 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdtcp.sys
2017-08-08 12:08 - 2017-07-29 07:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tdx.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000063360 _____ (Microsoft Corporation) C:\Windows\System32\drivers\termdd.sys
2017-08-11 23:44 - 2015-08-05 10:06 - 000039936 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tssecsrv.sys
2017-08-11 23:51 - 2013-10-01 19:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\System32\drivers\TsUsbFlt.sys
2016-09-05 12:01 - 2010-11-20 03:51 - 000125440 _____ (Microsoft Corporation) C:\Windows\System32\drivers\tunnel.sys
2009-07-13 16:38 - 2009-07-13 18:45 - 000064080 _____ (Microsoft Corporation) C:\Windows\System32\drivers\UAGP35.SYS
2016-09-05 12:01 - 2010-11-20 02:26 - 000328192 _____ (Microsoft Corporation) C:\Windows\System32\drivers\udfs.sys
2009-07-13 16:38 - 2009-07-13 18:45 - 000064592 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ULIAGPKX.SYS
2016-09-05 12:01 - 2010-11-20 03:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\drivers\umbus.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\drivers\umpass.sys
2016-09-10 05:33 - 2013-02-11 21:12 - 000019968 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usb8023.sys
2015-06-10 23:08 - 2015-06-10 23:08 - 000054784 _____ (Apple, Inc.) C:\Windows\System32\drivers\usbaapl64.sys
2016-09-10 05:33 - 2013-07-12 03:40 - 000109824 _____ (Microsoft Corporation) C:\Windows\System32\drivers\USBAUDIO.sys
2016-09-05 12:01 - 2010-11-20 03:44 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\drivers\USBCAMD2.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbccgp.sys
2016-09-10 05:33 - 2013-07-12 03:41 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbcir.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000007808 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbd.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbehci.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbhub.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbohci.sys
2016-10-12 02:49 - 2016-08-16 13:40 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbport.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbprint.sys
2016-09-05 12:01 - 2010-11-20 04:37 - 000031744 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbrpm.sys
2016-09-10 05:33 - 2016-02-03 11:07 - 000091648 _____ (Microsoft Corporation) C:\Windows\System32\drivers\USBSTOR.SYS
2016-10-12 02:49 - 2016-08-16 13:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\drivers\usbuhci.sys
2017-06-30 23:02 - 2014-09-02 18:01 - 000041192 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\vbaudio_cable64_win7.sys
2017-06-30 23:04 - 2017-06-30 23:04 - 000041192 _____ (Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\vbaudio_vmvaio64_win7.sys
2009-07-13 17:01 - 2009-07-13 18:45 - 000036432 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vdrvroot.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vga.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vgapnp.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000215936 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vhdmp.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000017488 _____ (VIA Technologies, Inc.) C:\Windows\System32\drivers\viaide.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000129024 _____ (Microsoft Corporation) C:\Windows\System32\drivers\videoprt.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000199552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vmbus.sys
2016-09-05 12:01 - 2010-11-20 02:57 - 000021760 _____ (Microsoft Corporation) C:\Windows\System32\drivers\VMBusHID.sys
2016-09-05 12:01 - 2010-11-20 02:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vms3cap.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000046464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vmstorfl.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000071552 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volmgr.sys
2017-08-08 12:08 - 2017-07-07 08:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volmgrx.sys
2016-09-05 12:01 - 2010-11-20 06:34 - 000295808 _____ (Microsoft Corporation) C:\Windows\System32\drivers\volsnap.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 000161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\drivers\vsmraid.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwifibus.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwififlt.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\drivers\vwifimp.sys
2016-09-05 19:17 - 2014-08-06 11:15 - 000102200 _____ (Wacom Technology) C:\Windows\System32\drivers\wachidrouter.sys
2009-07-13 17:02 - 2009-07-13 17:02 - 000027776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wacompen.sys
2016-09-05 19:17 - 2014-08-06 11:15 - 000015160 _____ (Wacom Technology) C:\Windows\System32\drivers\wacomrouterfilter.sys
2016-09-05 12:01 - 2010-11-20 03:52 - 000088576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wanarp.sys
2009-07-13 16:37 - 2009-07-13 16:37 - 000042496 _____ (Microsoft Corporation) C:\Windows\System32\drivers\watchdog.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000021056 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wd.sys
2016-09-10 05:33 - 2013-06-25 15:55 - 000785624 _____ (Microsoft Corporation) C:\Windows\System32\drivers\Wdf01000.sys
2016-09-05 19:17 - 2012-04-11 15:34 - 001721576 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wdfcoinstaller01009.dll
2016-09-10 05:33 - 2012-11-28 15:56 - 000054376 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WdfLdr.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wfplwf.sys
2009-07-13 16:29 - 2009-07-13 18:45 - 000022096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wimmount.sys
2016-09-05 12:01 - 2010-11-20 06:33 - 000052096 _____ (Microsoft Corporation) C:\Windows\System32\drivers\winhv.sys
2016-09-05 12:01 - 2010-11-20 03:43 - 000041984 _____ (Microsoft Corporation) C:\Windows\System32\drivers\winusb.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wmiacpi.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000016464 _____ (Microsoft Corporation) C:\Windows\System32\drivers\wmilib.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000021504 _____ (Microsoft Corporation) C:\Windows\System32\drivers\ws2ifsl.sys
2016-09-11 03:22 - 2012-07-25 19:26 - 000087040 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WUDFPf.sys
2016-09-11 03:22 - 2012-07-25 19:26 - 000198656 _____ (Microsoft Corporation) C:\Windows\System32\drivers\WUDFRd.sys
2009-07-13 22:37 - 2017-08-11 23:52 - 000000000 ____D () C:\Windows\System32\drivers\en-US
2009-07-13 22:35 - 2009-07-13 19:29 - 000011776 _____ (Microsoft Corporation) C:\Windows\System32\drivers\en-US\1394ohci.sys.mui
 
====== End of Folder: ======
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2199958151-3503539799-115655472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2199958151-3503539799-115655472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{3FC613AD-C520-49CE-B95A-72EE6EB43780} canceled.
{1D315AA5-626F-4DCB-A15C-0CCF4FE35626} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58905600 B
Java, Flash, Steam htmlcache => 22732536 B
Windows/system/drivers => 204295038 B
Edge => 0 B
Chrome => 117959754 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558607 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 9648 B
Mike's DT => 434811412 B
 
RecycleBin => 0 B
EmptyTemp: => 863.9 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-08-2017 13:30:22)
 
C:\Users\Mike's DT\AppData\Local\ntuserlitelist => Is moved successfully
"C:\Windows\system32\mstbvje.exe" => Could not move
"C:\Windows\system32\ravcpdkz.exe" => Could not move
C:\Users\Mike's DT\AppData\Local\llssoft => Is moved successfully
 
==== End of Fixlog 13:30:22 ====
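
Added example (not part of the original post and not FRST's own code): a small Python parser for the `target => result` lines of a Fixlog like the one above. It lists the items that were not moved, which are the ones a fix run outside the running system still has to handle. The sample lines are copied from the log above; the status labels and function names are this example's own, and any result wording not seen in this log is reported as `unknown`.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the Fixlog posted above (a representative subset).
SAMPLE_FIXLOG = r'''
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

Chrome => 117959754 B

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-08-2017 13:30:22)

C:\Users\Mike's DT\AppData\Local\ntuserlitelist => Is moved successfully
"C:\Windows\system32\mstbvje.exe" => Could not move
"C:\Windows\system32\ravcpdkz.exe" => Could not move
C:\Users\Mike's DT\AppData\Local\llssoft => Is moved successfully

==== End of Fixlog 13:30:22 ====
'''

Entry = namedtuple("Entry", "section target result status")

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")  # "===== name =====" section markers
ACTION = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\s*$')
SIZE = re.compile(r"^\d+ B$")              # EmptyTemp byte counts, not actions
SCHEDULED = "Result of scheduled files to move"


def classify(result):
    """Map a result string to a status label (labels are this example's own)."""
    if SIZE.match(result):
        return "size"
    text = result.lower()
    if text.startswith("could not"):
        return "failed"
    if "successfully" in text:
        return "ok"
    return "unknown"  # wording not seen in this log: review by hand


def parse_fixlog(text):
    """Return one Entry per 'target => result' line, tagged with its section."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            section = "" if name.startswith("End of") else name
            continue
        if line.startswith(SCHEDULED):
            section = line  # keeps the boot mode and timestamp with the entries
            continue
        action = ACTION.match(line)
        if action:
            result = action.group("result")
            entries.append(Entry(section, action.group("target"), result, classify(result)))
    return entries


def needs_offline_fix(entries):
    """Targets whose action failed and so still need handling."""
    return [e.target for e in entries if e.status == "failed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(Counter(e.status for e in parsed))
    for path in needs_offline_fix(parsed):
        print("not moved in this run:", path)
```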


#6 JSntgRvr


Posted 27 August 2017 - 08:21 PM

We will need to run the fix in the Recovery Console.

Please download Farbar Recovery Scan Tool and save it to a flash drive, FRST64.

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).
  • Option 5: Press F8 at startup and select Repair my Computer.

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

 

If the files are successfully deleted, follow these steps:

 

Restart the computer.

  • Please download this version of Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 dt08


Posted 29 August 2017 - 08:08 PM

I was able to figure out my USB issue after a bit of tampering since it seems to be the only way to do this lol. 

 

Here are the files!




#8 JSntgRvr


Posted 29 August 2017 - 09:05 PM

Outstanding.

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt




#9 JSntgRvr


Posted 31 August 2017 - 03:15 PM

How is it going?




#10 JSntgRvr


Posted 03 September 2017 - 02:50 PM

Are you still with us?




#11 JSntgRvr


Posted 12 September 2017 - 03:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





