
Rootkit virus Malwarebytes can't remove


  • This topic is locked
23 replies to this topic

#1 wmb1961


Posted 12 December 2017 - 04:19 PM

These are the two files Malwarebytes keeps finding even after quarantining them...
 
Registry Key: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR, No Action By User, [1228], [466343],1.0.3473
 
Registry Value: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR|IMAGEPATH, No Action By User, [1228], [466343],1.0.3473
 
 
Followed recommendations and ran the following 
 
Security Check
Farbar
MiniToolBox
Malwarebytes
Malwarebytes Anti-rootkit (crashes when I run this)
RKill
Temp File Remover
ADW Remover
Sophos free Virus Remover
 
And here are the two Farbar 64-bit log reports.
 
Have to post 'em separate 'cause the forum won't allow both at the same time.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-12-2017
Ran by admin24 (administrator) on ADMIN2 (12-12-2017 15:46:48)
Running from C:\Users\admin24\Downloads
Loaded Profiles: admin24 (Available Profiles: admin24)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\nviamxesvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Users\admin24\AppData\Local\wmcaxro\wmcaxro.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Failed to access process -> explorer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\Run: [HP ENVY 5540 series (NET)] => C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2017-11-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\MountPoints2: {1bfa7de2-83e1-11e5-825f-4cbb58875084} - "D:\SISetup.exe" 
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\MountPoints2: {d7695744-9c07-11e7-828a-4cbb58875084} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner.lnk [2016-02-12]
ShortcutTarget: MassPlanner.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner2.lnk [2016-02-05]
ShortcutTarget: MassPlanner2.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
Startup: C:\Users\admin24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-07-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Check Writer Backup.lnk [2015-11-11]
ShortcutTarget: Check Writer Backup.lnk -> C:\Program Files\CheckWriter6\b\CWbackup.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{32eb1e66-d1f1-403d-a96d-90e933eb5fe0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{32eb1e66-d1f1-403d-a96d-90e933eb5fe0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f4b05ada-eeb1-417d-8ab6-9d0411bfc803}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f4b05ada-eeb1-417d-8ab6-9d0411bfc803}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001 -> DefaultScope {4B880F7A-D02C-4DBF-BAC4-5608C1AD9BB5} URL = 
SearchScopes: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001 -> {C49A6ABE-C1FC-486C-B0B3-6BBE21205947} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-11-04] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: mcw9ssjn.default
FF ProfilePath: C:\Users\admin24\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9ssjn.default [2017-12-11]
FF Homepage: Mozilla\Firefox\Profiles\mcw9ssjn.default -> hxxps://www.google.com
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3609396728-1424491989-2649479348-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin24\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-15] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default [2017-12-12]
CHR Extension: (Slides) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-04]
CHR Extension: (YouTube) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-28]
CHR Extension: (Sheets) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Google Play) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-02-03]
CHR Extension: (Skype) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (Google Hangouts) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\admin24\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
U2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 avgVmm; C:\Windows\System32\Drivers\avgVmm.sys [355856 2017-11-09] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S4 geemllc; C:\WINDOWS\System32\drivers\djpk.sys [79064 2017-11-08] (Malwarebytes)
S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] ()
S4 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [119000 2017-12-12] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-04] (Malwarebytes)
R1 MpKsl85890b89; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A0243FA2-9F3C-4A05-B12D-9E1823677389}\MpKsl85890b89.sys [58120 2017-12-08] (Microsoft Corporation)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-08] (Zemana Ltd.)
U0 Partizan; system32\drivers\Partizan.sys [X]
R3 udiskMgr; system32\drivers\osvybf.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-12 15:46 - 2017-12-12 15:49 - 000022854 _____ C:\Users\admin24\Downloads\FRST.txt
2017-12-12 15:46 - 2017-12-12 15:46 - 000000000 ____D C:\FRST
2017-12-12 15:39 - 2017-12-12 15:39 - 000099404 _____ C:\Users\admin24\Downloads\d68ab740-a321-4d07-bff6-739beb106dd0.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000064035 _____ C:\Users\admin24\Downloads\eb38ba37-4d47-400e-b98d-aa67631a234b.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000063906 _____ C:\Users\admin24\Downloads\ad252900-61de-439f-bdb4-a4006e8e54c2.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000062842 _____ C:\Users\admin24\Downloads\e0b6137f-2206-4f05-b520-9ef0cdc3d012.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000040311 _____ C:\Users\admin24\Downloads\b3c65a16-6f54-4612-9cad-ee187495660f.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000036022 _____ C:\Users\admin24\Downloads\8940172d-f1cc-4d79-9cae-15a924b8e8d8.tmp
2017-12-12 15:35 - 2017-12-12 15:39 - 002392064 _____ (Farbar) C:\Users\admin24\Downloads\FRST64.exe
2017-12-12 15:25 - 2017-12-12 15:29 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001 (2).exe
2017-12-12 15:22 - 2017-12-12 15:22 - 000001378 _____ C:\Users\admin24\Desktop\Rkill.txt
2017-12-12 14:57 - 2017-12-12 14:57 - 000003136 _____ C:\WINDOWS\SysWOW64\System
2017-12-12 13:12 - 2017-12-12 13:12 - 000063087 _____ C:\Users\admin24\Downloads\Lorenzo.manderson-Auth_sig1.jpeg
2017-12-12 11:11 - 2017-12-12 11:11 - 000001335 _____ C:\Users\admin24\Desktop\mb 12-12-17.txt
2017-12-12 11:10 - 2017-12-12 11:10 - 000001378 _____ C:\Users\admin24\Desktop\MB Rootkit 12-12-17.txt
2017-12-09 19:37 - 2017-12-09 19:37 - 000316032 _____ C:\Users\admin24\Downloads\authorizationform100.pdf
2017-12-08 18:02 - 2017-12-08 18:02 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42334722.sys
2017-12-08 18:01 - 2017-12-08 18:01 - 000000000 ____D C:\Users\admin24\Desktop\mbar
2017-12-08 18:00 - 2017-12-08 18:01 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001 (1).exe
2017-12-08 17:43 - 2017-12-08 17:43 - 000140624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\snhnruxa.sys
2017-12-08 11:34 - 2017-12-08 11:35 - 001790024 _____ (Malwarebytes) C:\Users\admin24\Downloads\JRT.exe
2017-12-07 16:33 - 2017-12-07 16:33 - 000003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-07 16:30 - 2017-12-07 16:33 - 000001028 _____ C:\DelFix.txt
2017-12-07 16:30 - 2017-12-07 16:30 - 000000000 ____D C:\WINDOWS\ERUNT
2017-12-07 16:18 - 2017-12-07 16:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5D2632D3.sys
2017-12-07 16:18 - 2017-12-07 16:18 - 000000114 _____ C:\local.conf
2017-12-07 13:46 - 2017-12-07 13:46 - 000167034 _____ C:\Users\admin24\Downloads\fileassassin-setup-1.06.exe
2017-12-07 13:46 - 2017-12-07 13:46 - 000001130 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2017-12-07 13:46 - 2017-12-07 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-12-07 13:46 - 2017-12-07 13:46 - 000000000 ____D C:\Program Files (x86)\FileASSASSIN
2017-12-06 12:53 - 2017-12-06 19:25 - 000015741 _____ C:\Users\admin24\Desktop\250-leads (version 1).xlsb.xlsx
2017-12-06 11:53 - 2017-12-06 11:53 - 000000000 ____D C:\ProgramData\Sophos
2017-12-06 11:52 - 2017-12-06 11:52 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-12-06 11:52 - 2017-12-06 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-12-06 11:52 - 2017-12-06 11:52 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-12-06 11:41 - 2017-12-06 11:49 - 183163664 _____ (Sophos Limited) C:\Users\admin24\Desktop\Sophos Virus Removal Tool.exe
2017-12-04 19:56 - 2017-12-05 17:42 - 000012169 _____ C:\Users\admin24\Desktop\250-leads.xlsx
2017-12-04 12:42 - 2017-12-04 12:42 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\363C8656.sys
2017-12-04 12:35 - 2017-12-04 12:35 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7327838C.sys
2017-12-04 12:31 - 2017-12-04 12:33 - 014178840 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.10.3.1001.exe
2017-12-04 12:11 - 2017-12-12 15:18 - 000091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-04 12:10 - 2017-12-12 15:19 - 000119000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-04 12:10 - 2017-12-08 17:29 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-04 12:10 - 2017-12-04 12:10 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-04 12:10 - 2017-12-04 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-04 12:10 - 2017-12-04 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 12:09 - 2017-12-04 12:10 - 078346672 _____ (Malwarebytes ) C:\Users\admin24\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2017-12-04 12:08 - 2017-12-04 12:08 - 000036144 _____ C:\Users\admin24\Downloads\MTB.txt
2017-11-30 15:53 - 2017-12-09 14:38 - 000000000 ____D C:\Users\admin24\Downloads\img
2017-11-30 12:07 - 2017-11-30 12:07 - 000001711 _____ C:\Users\admin24\Desktop\Power2Go8..lnk
2017-11-29 20:19 - 2017-11-29 20:19 - 000003622 _____ C:\WINDOWS\System32\Tasks\{D58A33A3-0771-4EBE-808A-C4975833EB16}
2017-11-29 19:01 - 2017-11-29 19:01 - 000551543 _____ C:\Users\admin24\Downloads\noname (7)
2017-11-29 19:00 - 2017-11-29 19:01 - 000551543 _____ C:\Users\admin24\Downloads\noname (6)
2017-11-28 16:19 - 2017-11-28 16:19 - 000002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-28 16:19 - 2017-11-28 16:19 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-28 16:18 - 2017-11-28 16:18 - 001129816 _____ (Google Inc.) C:\Users\admin24\Downloads\ChromeSetup.exe
2017-11-27 17:10 - 2017-11-27 17:10 - 000095872 _____ C:\Users\admin24\Downloads\noname (5)
2017-11-27 13:03 - 2017-12-05 15:54 - 000001753 _____ C:\Users\admin24\Desktop\SETH L.COMICS LIST.txt
2017-11-22 18:48 - 2017-11-22 18:48 - 013683839 _____ C:\Users\admin24\Downloads\Quality___Love_Secrets_045__1955_.cbr
2017-11-21 22:53 - 2017-11-21 22:53 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-20 18:08 - 2017-11-20 18:08 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-11-20 18:00 - 2017-11-20 18:00 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-20 17:59 - 2017-11-20 18:00 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw11b4205c46f6bf35.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw61f26826b88e8b7d.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f40a24e50bf5ba4.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw320e2fc1b68b2693.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcecd404381c84626.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd7287b4b607bb835.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw66872847bd54c7c1.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe38c9274d2b33b64.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf09f785ac37744a7.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw95337822174eed40.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdb098ccc3f104527.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9d8ff2b122d58d41.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5a495692cadc2d81.tmp
2017-11-20 17:55 - 2017-11-22 15:08 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-20 17:55 - 2017-11-20 17:55 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-20 17:55 - 2017-11-20 17:55 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-20 17:55 - 2017-11-20 17:55 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-20 17:55 - 2017-11-20 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-20 17:55 - 2017-11-20 17:55 - 000000000 ____D C:\Program Files\CCleaner
2017-11-20 17:54 - 2017-11-20 17:54 - 010849904 _____ (Piriform Ltd) C:\Users\admin24\Downloads\ccsetup537.exe
2017-11-20 16:52 - 2017-11-20 16:52 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\66B97E46.sys
2017-11-20 16:42 - 2017-12-04 18:48 - 000000000 ____D C:\Users\admin24\Desktop\NEW BIG TICKET
2017-11-20 16:32 - 2017-11-20 16:32 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\05306F50.sys
2017-11-20 16:32 - 2017-11-20 16:32 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\656A6F1B.sys
2017-11-20 16:29 - 2017-12-08 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-20 16:24 - 2017-11-20 16:28 - 016563352 _____ (Malwarebytes Corp.) C:\Users\admin24\Downloads\mbar-1.09.3.1001.exe
2017-11-20 12:32 - 2017-11-20 12:32 - 000014202 _____ C:\Users\admin24\Downloads\W.C.Lunde-Auth.sig-9510812979047312109101.pdf
2017-11-18 18:57 - 2017-11-18 18:57 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-11-18 18:40 - 2017-11-18 19:18 - 000000000 ____D C:\Users\admin24\Downloads\TyLong Audio
2017-11-18 18:38 - 2017-11-18 18:38 - 000000000 ____D C:\Users\admin24\Documents\Audacity
2017-11-18 18:26 - 2017-11-18 19:19 - 000000000 ____D C:\Users\admin24\AppData\Roaming\audacity
2017-11-18 18:26 - 2017-11-18 18:26 - 000001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-11-18 18:26 - 2017-11-18 18:26 - 000001082 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-11-18 18:26 - 2017-11-18 18:26 - 000000000 ____D C:\Users\admin24\AppData\Local\Audacity
2017-11-18 18:26 - 2017-11-18 18:26 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-11-18 18:24 - 2017-11-18 18:25 - 020275088 _____ (Audacity Team ) C:\Users\admin24\Downloads\audacity-win-2.2.0.exe
2017-11-17 17:40 - 2017-11-17 17:40 - 000000000 ____D C:\Users\admin24\Desktop\PAYMENT BUTTONS
2017-11-16 11:44 - 2017-12-12 14:44 - 009497600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-15 16:26 - 2017-11-15 16:26 - 000001663 _____ C:\Users\admin24\Desktop\Bulk Rename Utility.exe - Shortcut.lnk
2017-11-15 14:49 - 2017-11-15 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-11-15 14:49 - 2017-11-15 14:49 - 000000000 ____D C:\Program Files\Bulk Rename Utility
2017-11-15 14:44 - 2017-11-15 14:46 - 009699408 _____ (TGRMN Software ) C:\Users\admin24\Downloads\BRU_setup_3.0.0.1.exe
2017-11-15 11:44 - 2017-12-12 15:46 - 000000000 ___RD C:\Users\admin24\Creative Cloud Files
2017-11-15 11:40 - 2017-12-04 11:44 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-11-15 11:40 - 2017-11-22 15:27 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-11-15 11:40 - 2017-11-22 15:27 - 000002093 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2017-11-14 17:40 - 2017-11-14 17:40 - 001995464 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up (2).exe
2017-11-14 17:40 - 2017-11-14 17:40 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-11-14 17:40 - 2017-11-14 17:40 - 000001292 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-11-14 17:37 - 2017-11-14 17:40 - 001995464 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up (1).exe
2017-11-14 17:27 - 2017-11-14 17:27 - 001995528 _____ (Adobe Systems Incorporated) C:\Users\admin24\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-11-14 17:15 - 2017-11-14 17:15 - 000537167 _____ C:\Users\admin24\Downloads\Sneaky_Ways_From_Craigslist.pdf
2017-11-13 11:02 - 2017-12-12 15:46 - 000000000 ____D C:\Users\admin24\AppData\Local\wmcaxro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-12 15:49 - 2017-11-08 13:07 - 000030310 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-12 15:46 - 2015-10-31 12:09 - 000000000 ____D C:\Users\admin24\AppData\Local\Adobe
2017-12-12 15:42 - 2016-05-27 11:48 - 000000000 __SHD C:\Users\admin24\IntelGraphicsProfiles
2017-12-12 15:41 - 2017-11-08 12:03 - 002883072 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\nviamxesvc.exe
2017-12-12 15:41 - 2017-10-10 11:14 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForadmin24.job
2017-12-12 15:41 - 2016-10-03 05:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-12 15:41 - 2016-10-03 04:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-12 15:22 - 2017-11-10 15:07 - 000000000 ____D C:\Users\admin24\Desktop\SPYWARE REMOVERS
2017-12-12 14:44 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-12 14:44 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-12 12:24 - 2015-11-11 11:53 - 000000000 ____D C:\Program Files\CheckWriter6
2017-12-12 12:14 - 2017-10-10 11:14 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForadmin24
2017-12-12 10:56 - 2016-10-03 04:44 - 000000000 ____D C:\Users\admin24
2017-12-12 10:55 - 2016-07-16 01:04 - 018350080 _____ C:\WINDOWS\system32\config\HARDWARE
2017-12-11 21:50 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-12-11 15:38 - 2017-04-26 10:15 - 000000000 ____D C:\Users\admin24\AppData\LocalLow\Mozilla
2017-12-11 11:04 - 2017-11-09 18:59 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-10 19:17 - 2017-11-08 12:07 - 000000000 ____D C:\WINDOWS\Minidump
2017-12-10 19:17 - 2015-03-25 18:17 - 000314002 ____N C:\WINDOWS\Minidump\121017-25640-01.dmp
2017-12-09 16:58 - 2017-04-25 14:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-09 16:58 - 2015-09-09 10:55 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-08 19:13 - 2016-07-16 06:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-08 18:04 - 2015-03-25 18:17 - 000298058 ____N C:\WINDOWS\Minidump\120817-80859-01.dmp
2017-12-08 17:43 - 2016-07-16 01:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-07 18:28 - 2017-09-29 10:49 - 000000000 ____D C:\Program Files\rempl
2017-12-07 16:20 - 2015-03-25 18:17 - 000296138 ____N C:\WINDOWS\Minidump\120717-77515-01.dmp
2017-12-06 05:25 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-04 20:34 - 2015-03-25 18:17 - 000313098 ____N C:\WINDOWS\Minidump\120417-28937-01.dmp
2017-12-04 18:09 - 2015-03-25 18:11 - 000000000 ____D C:\ProgramData\CyberLink
2017-12-04 12:45 - 2015-03-25 18:17 - 000299266 ____N C:\WINDOWS\Minidump\120417-40562-01.dmp
2017-12-04 12:38 - 2015-03-25 18:17 - 000299266 ____N C:\WINDOWS\Minidump\120417-37343-01.dmp
2017-12-04 12:11 - 2017-11-09 11:55 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-01 11:29 - 2017-07-31 13:42 - 000000000 ____D C:\Users\admin24\Downloads\cc auth form
2017-11-30 17:05 - 2017-07-28 12:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 20:32 - 2017-09-27 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2017-11-29 20:32 - 2017-09-27 14:52 - 000000000 ____D C:\Program Files (x86)\Macromedia
2017-11-29 20:32 - 2015-03-25 18:11 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-11-29 20:20 - 2015-03-25 18:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-11-29 20:19 - 2017-02-02 12:35 - 000000000 ____D C:\Users\admin24\AppData\Local\Deployment
2017-11-29 20:18 - 2016-03-15 13:30 - 000000000 ____D C:\Users\admin24\AppData\Local\Citrix
2017-11-29 17:42 - 2016-07-16 06:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-29 17:38 - 2015-03-25 18:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-28 16:18 - 2016-10-03 05:07 - 000003444 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1af9b83d6515
2017-11-28 16:18 - 2016-10-03 05:07 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-28 16:18 - 2016-03-28 17:42 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-24 16:34 - 2017-07-26 12:31 - 000000000 ____D C:\Users\admin24\Documents\Gradients
2017-11-22 16:29 - 2015-09-12 11:23 - 000000000 ____D C:\Users\admin24\AppData\Roaming\DropboxOEM
2017-11-22 16:25 - 2017-09-19 12:28 - 000000000 ____D C:\Program Files (x86)\Nero
2017-11-22 15:31 - 2017-07-28 12:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-22 15:21 - 2017-11-02 10:34 - 000000000 ____D C:\Users\admin24\AppData\Roaming\AtomPark
2017-11-22 15:20 - 2017-07-28 12:51 - 000000000 ____D C:\ProgramData\Adobe
2017-11-22 15:20 - 2016-05-18 10:53 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-22 15:19 - 2017-11-10 16:53 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-22 15:17 - 2016-01-28 10:36 - 000000000 ____D C:\ProgramData\Skype
2017-11-22 15:14 - 2015-03-25 18:29 - 000000000 ____D C:\Program Files\Dell
2017-11-21 12:24 - 2015-11-11 16:48 - 000000000 ____D C:\ProgramData\HP
2017-11-21 12:24 - 2015-11-11 16:47 - 000000000 ____D C:\Program Files\HP
2017-11-20 18:11 - 2017-09-27 14:32 - 000000000 ____D C:\Users\admin24\AppData\Roaming\FileZilla
2017-11-20 18:08 - 2016-10-03 08:36 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-20 18:08 - 2015-11-20 09:02 - 000000000 ____D C:\Users\admin24\AppData\Local\CrashDumps
2017-11-20 17:47 - 2017-10-05 14:10 - 000000000 ____D C:\Users\admin24\Downloads\GPS Scripts
2017-11-20 15:47 - 2016-05-26 23:20 - 001621156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-20 14:09 - 2017-11-08 12:11 - 000000000 ____D C:\Users\admin24\AppData\Local\rtbdpoe
2017-11-17 19:05 - 2017-11-10 15:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-17 19:05 - 2017-11-10 15:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-17 17:31 - 2017-07-06 10:59 - 000000000 ____D C:\Users\admin24\Desktop\SCRIPTS
2017-11-16 11:44 - 2016-10-03 05:07 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-15 16:27 - 2015-09-09 10:56 - 000000000 ____D C:\Users\admin24\AppData\Roaming\Mozilla
2017-11-15 16:27 - 2015-09-09 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-15 15:34 - 2015-09-09 10:44 - 000000000 ____D C:\Users\admin24\AppData\Roaming\Adobe
2017-11-15 15:30 - 2016-10-03 04:37 - 000362200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 11:42 - 2017-07-28 12:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-14 17:39 - 2016-11-23 14:30 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-14 17:31 - 2016-07-16 06:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-13 15:05 - 2016-11-23 14:32 - 000000000 _____ C:\Users\admin24\Documents\HP ePrint
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-04 22:34
 
==================== End of FRST.txt ============================
 




#2 wmb1961

wmb1961
  • Topic Starter


Posted 12 December 2017 - 04:21 PM

Here is the Addition.txt for Farbar.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-12-2017
Ran by admin24 (12-12-2017 15:51:16)
Running from C:\Users\admin24\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2016-10-03 10:10:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin24 (S-1-5-21-3609396728-1424491989-2649479348-1001 - Administrator - Enabled) => C:\Users\admin24
Administrator (S-1-5-21-3609396728-1424491989-2649479348-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3609396728-1424491989-2649479348-503 - Limited - Disabled)
Guest (S-1-5-21-3609396728-1424491989-2649479348-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
CheckWriter (HKLM-x32\...\{B9C062DC-0673-4DDB-84A6-D6B48E6FC054}) (Version: 6.0 - YourFavorite.com)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
FB Groups Poster version 1.0 (HKLM-x32\...\{D72FE355-6036-48DA-B9EB-1C101C2D9A75}_is1) (Version: 1.0 - Your Online Business Hub)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.27.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.1 - Tim Kosse)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 5540 series Basic Device Software (HKLM\...\{44CE34C3-7B6A-44CA-BD7F-73E053BBAEC8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E94AE378-725A-41FF-BA24-397469D27FC8}) (Version: 1.3.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{F958F851-8DBE-420C-9D37-5ECBB6C61148}) (Version: 1.0.17 - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP LaserJet Toolbox (HKLM\...\{2E8A793D-E275-46A2-BAB3-35FB95ACED57}) (Version: 3.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1435 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (HKLM-x32\...\{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}) (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Studio 13.0 (64-bit) (HKLM\...\{EF1924A1-2C01-11E5-87EE-F04DA23A5C58}) (Version: 13.0.192 - Sony)
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{4F9AAF2D-42E6-4BD0-A295-842BC068CC4B}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F4AD5594405}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\admin24\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-09] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2010-09-28] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-11-09] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2010-09-28] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0633E43D-C49F-4700-AA10-A73C422F659E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {080C41F4-2046-42E9-B260-BB513FBBC2ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {1280B63E-0376-47C4-A22F-06FE667CA6B7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {136A9B36-AEF3-4317-A5EF-5002BB40DD37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {141DE299-511F-4984-89B6-A7E02EE19B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {177FB2B6-EEA4-4FE1-8428-4E459242769C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {1AEE96FE-9876-4E35-A8CA-01C51F1AB036} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {2152FD6E-891B-427B-93F0-60B455325503} - System32\Tasks\{7648FF93-EE1B-48D3-88B3-E7FC3198B3D7} => C:\Windows\system32\pcalua.exe -a E:\CWautorun.exe -d E:\ -c /AUTORUN=1
Task: {2A87E8BD-B2E1-49EB-A820-3313E14FDB16} - System32\Tasks\{D58A33A3-0771-4EBE-808A-C4975833EB16} => C:\WINDOWS\system32\pcalua.exe -a "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe" -c /Uninstall hxxp://advertising.microsoft.com/small-business/wwdocs/user/smb/en-us/supportcenter/mai-add-in-8/Microsoft%20Advertising%20Intelligence8.vsto
Task: {31581B85-8898-4A93-B933-7397BBB2C4BF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36B2A11C-BE5D-45A1-9610-CC4A7C9C1824} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-11-09] (AVG Technologies CZ, s.r.o.)
Task: {38F47EB5-6B56-4542-A378-E049BD38BD6F} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {39A5A288-CC84-499A-94D9-8510A5D0A4B0} - System32\Tasks\GoogleUpdateTaskMachineUA1d1af9b83d6515 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-28] (Google Inc.)
Task: {3B1D49E0-203D-49EA-B74D-CE7B886892AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {3DF2BBF6-FE35-4F7E-909A-94EC01CFDC9A} - System32\Tasks\HPCeeScheduleForadmin24 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {3F3AF68B-13EF-4251-8D08-987DCFCCBFF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {43B67BB1-99D5-4EBE-A9CB-C6A53CE91CB4} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {495824EC-211E-4BAD-AAFD-ED75EC1089A6} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {4E3EF620-805E-44FE-90BF-F385E7FD1F15} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {505C81EA-9896-4338-A2EB-6E1FC9522533} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-29] (Microsoft Corporation)
Task: {518CEFE7-00E1-4E57-AA64-7D714FA71D5E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {55F40272-D815-4E16-B16B-89811D22A80F} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {568427DF-738A-47EE-B0A7-5E191F5B89CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {57C86841-4014-45C2-91D2-7287E91491EA} - \WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001 -> No File <==== ATTENTION
Task: {58028C11-1585-4DB0-89E3-9D4BE5EBA608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-28] (Google Inc.)
Task: {6815E339-1BDC-4A5B-891C-95C4D2E2EC1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6B1B0EC9-835F-4610-9C3A-8C65EEEE5DE9} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {6B816DD0-6287-44E4-A68C-15C48EE85C84} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {6D44199F-904B-41EF-9289-3E16B8DA680F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {74A963EC-647B-4E94-A86F-8A9E8B435B8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH6BB2Q1C5 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {75F77EF9-E26E-4C0C-AF20-FAD648CC1414} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {76774FD6-C58C-4259-8A6F-9CACDC25F281} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7A586B77-3695-43B9-89CA-805CDC0C78FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {8268A83C-9827-4154-86CB-F8E699DF0FDC} - System32\Tasks\Pjiukd1EKvWY => pjiukd1ekvwy.exe
Task: {840E3748-FCB4-43A9-90BF-4837F9AC12B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {8981AD59-5CAF-4E77-96E0-8A324612DBDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {8AAA3091-1CDC-438C-AA0F-FBF5CCBC178E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {8F5FE185-4D95-45B4-AA16-0B74AD53A8D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {904408AB-B4B5-4196-8710-836B9764E3CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {90AC2630-46B1-4431-8C65-8E80327ECA82} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {91FA48FC-5809-4159-8E9E-FF7A9824981C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {99EB0159-8C2A-421D-8752-A8B14834984C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {9B307D6C-F7D6-4BFD-B11F-947301749334} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\admin24\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {A176A9AF-E15C-464B-9F02-C72CC81771D6} - System32\Tasks\G2MUpdateTask-S-1-5-21-3609396728-1424491989-2649479348-1001 => C:\Users\admin24\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A7289F5C-43B4-4162-B0E0-A57AEC498929} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {A743E01F-7F64-4BCB-AD34-CBABB13FA5CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BEF86654-D33A-4E30-A988-7C9D996A712C} - System32\Tasks\G2MUploadTask-S-1-5-21-3609396728-1424491989-2649479348-1001 => C:\Users\admin24\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C39A3C46-75F6-41EC-B0AE-55C4A387A27A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CC0ACAC0-A5A4-4335-B50F-07FF1DBE50CE} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {D4E9704D-9097-4D60-A28B-ADC54B3209E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DAFB0117-74A3-492A-8D6C-38DA6EDF46BE} - System32\Tasks\HPCustParticipation HP ENVY 5540 series => C:\Program Files\HP\HP ENVY 5540 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E910F45A-B917-4C1D-BC21-004BC5380D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F06CA691-F8B8-4C13-B2C1-051E7B350BFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-28] (Google Inc.)
Task: {F300D21E-6A3E-44BB-BC5C-71AA5B7B5160} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F41D9918-25B4-4879-8C61-B9B796D8EC15} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {F4B972C4-5FC3-4C07-99FB-B8075727C365} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3609396728-1424491989-2649479348-1001.job => C:\Users\admin24\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3609396728-1424491989-2649479348-1001.job => C:\Users\admin24\AppData\Local\GoToMeeting\7495\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForadmin24.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-12 16:22 - 2017-09-07 01:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-24 16:59 - 2012-08-31 14:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2016-11-22 17:29 - 2012-09-29 13:25 - 000409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2017-08-24 17:00 - 2012-08-31 14:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-11-22 17:29 - 2012-09-29 13:25 - 000074240 ____N () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2017-08-24 16:59 - 2012-08-31 14:03 - 003034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
2017-08-24 16:59 - 2012-08-31 14:02 - 001038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2017-12-04 12:10 - 2017-12-08 17:29 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-28 16:19 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-28 16:19 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 034879568 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2016-10-03 08:25 - 2016-10-03 08:25 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 16:22 - 2017-03-04 01:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 16:20 - 2017-03-04 01:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:20 - 2017-03-04 01:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 16:20 - 2017-03-04 01:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 08:31 - 2017-09-17 21:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-10-11 08:31 - 2017-09-17 21:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 08:31 - 2017-09-17 21:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 000061440 _____ () C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2009-10-15 11:13 - 2009-10-15 11:13 - 000964096 _____ () C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2015-03-25 18:12 - 2013-03-04 22:40 - 000626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2017-11-09 18:54 - 2017-11-09 18:50 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-11-09 18:58 - 2017-11-09 18:58 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-11-09 18:58 - 2017-11-09 18:58 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-11-09 18:58 - 2017-11-09 18:58 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-11-09 18:58 - 2017-11-09 18:58 - 000218208 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-11-09 18:58 - 2017-11-09 18:58 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-11-09 18:58 - 2017-11-09 18:59 - 000704456 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 000067128 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 000075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 000140856 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-10-15 18:43 - 2009-10-15 18:43 - 000240128 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMMapperObjects.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 000969784 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-08-14 11:05 - 2017-08-14 11:05 - 000073384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-20 03:04 - 2017-09-20 03:04 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-09-25 14:39 - 2010-09-28 14:53 - 000948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll
2017-09-25 14:39 - 2010-09-28 14:53 - 000153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll
2017-09-12 20:11 - 2017-09-12 20:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-12 20:10 - 2017-09-12 20:10 - 000117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-20 02:59 - 2017-09-20 02:59 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-12 20:11 - 2017-09-12 20:11 - 000098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-09-12 20:11 - 2017-09-12 20:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2017-07-06 10:38 - 2017-07-06 10:38 - 017818112 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.1.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7865 more sites.
 
 
There are 7865 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2017-11-20 18:00 - 000450637 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
There are 15460 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Check Writer Backup.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\StartupFolder: => "MassPlanner2.lnk"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\StartupFolder: => "MassPlanner.lnk"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\Run: => "Jing"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{95AB5FD6-1EDB-4ED7-A822-E27EF2F26601}C:\program files\hp\hp envy 5540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5540 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{D0ABCE02-5DA1-4E2A-9500-B07F04AEB5CF}C:\program files\hp\hp envy 5540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp envy 5540 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{18A1E689-3AD0-4DD1-8C55-C2CBFD27B479}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F4B6C1C7-7353-46B0-BAFD-43CCF4D6080F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{E848D035-EC53-4254-88DA-D8D8815A22C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CD6894E9-0589-4D2A-B03A-53FE0E58A45F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2017 03:46:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (12/12/2017 03:42:32 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 03:16:10 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 03:11:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 03:05:51 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 03:00:17 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 02:50:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: admin2)
Description: Package Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/12/2017 02:49:55 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 02:28:58 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (12/12/2017 12:22:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
 
System errors:
=============
Error: (12/12/2017 03:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/12/2017 03:49:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HPTouchpointAnalyticsService service to connect.
 
Error: (12/12/2017 03:46:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/12/2017 03:46:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/12/2017 03:46:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/12/2017 03:46:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/12/2017 03:46:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (12/12/2017 03:45:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (12/12/2017 03:44:29 PM) (Source: DCOM) (EventID: 10010) (User: admin2)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (12/12/2017 03:42:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-04 12:11:18.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-08-21 12:57:13.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-21 12:57:13.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-15 14:54:48.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-15 14:54:48.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU J2900 @ 2.41GHz
Percentage of memory in use: 85%
Total physical RAM: 3987.11 MB
Available physical RAM: 561.52 MB
Total Virtual: 7443.11 MB
Available Virtual: 3483.19 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.29 GB) (Free:375.84 GB) NTFS
Drive h: (easystore) (Fixed) (Total:7452.03 GB) (Free:1448 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 277F9937)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 7452 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 December 2017 - 06:14 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 

 

 

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds. Upon completion of the scan or after the reboot, two files named  mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop.
Please attach both files in your next reply.
 


Edited by JSntgRvr, 12 December 2017 - 06:15 PM.

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 wmb1961

wmb1961
  • Topic Starter

  • Members
  • 28 posts

Posted 13 December 2017 - 11:10 AM

Followed the instructions. Unfortunately was unable to run the program as it crashed my computer when I hit scan. 

 

I get a blue screen that says "PC RAN INTO A PROBLEM AND NEEDS TO RESTART"

 

At the bottom there is an error code PAGE_FAULT_IN_NONPAGED_AREA

 

What should I do?



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 December 2017 - 02:05 PM

  • Highlight the entire content of the quote box below.

Start::  
R3 udiskMgr; system32\drivers\osvybf.sys [X]
Task: {0633E43D-C49F-4700-AA10-A73C422F659E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {136A9B36-AEF3-4317-A5EF-5002BB40DD37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {141DE299-511F-4984-89B6-A7E02EE19B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {518CEFE7-00E1-4E57-AA64-7D714FA71D5E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {57C86841-4014-45C2-91D2-7287E91491EA} - \WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001 -> No File <==== ATTENTION
Task: {6815E339-1BDC-4A5B-891C-95C4D2E2EC1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6B1B0EC9-835F-4610-9C3A-8C65EEEE5DE9} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {75F77EF9-E26E-4C0C-AF20-FAD648CC1414} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {91FA48FC-5809-4159-8E9E-FF7A9824981C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {99EB0159-8C2A-421D-8752-A8B14834984C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A743E01F-7F64-4BCB-AD34-CBABB13FA5CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4E9704D-9097-4D60-A28B-ADC54B3209E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E910F45A-B917-4C1D-BC21-004BC5380D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F300D21E-6A3E-44BB-BC5C-71AA5B7B5160} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F4AD5594405}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0633E43D-C49F-4700-AA10-A73C422F659E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {136A9B36-AEF3-4317-A5EF-5002BB40DD37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {141DE299-511F-4984-89B6-A7E02EE19B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {518CEFE7-00E1-4E57-AA64-7D714FA71D5E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {57C86841-4014-45C2-91D2-7287E91491EA} - \WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001 -> No File <==== ATTENTION
Task: {6815E339-1BDC-4A5B-891C-95C4D2E2EC1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {75F77EF9-E26E-4C0C-AF20-FAD648CC1414} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {91FA48FC-5809-4159-8E9E-FF7A9824981C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {99EB0159-8C2A-421D-8752-A8B14834984C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A743E01F-7F64-4BCB-AD34-CBABB13FA5CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4E9704D-9097-4D60-A28B-ADC54B3209E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E910F45A-B917-4C1D-BC21-004BC5380D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F300D21E-6A3E-44BB-BC5C-71AA5B7B5160} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
ShortcutTarget: MassPlanner.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
ShortcutTarget: MassPlanner2.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
2017-12-12 15:39 - 2017-12-12 15:39 - 000099404 _____ C:\Users\admin24\Downloads\d68ab740-a321-4d07-bff6-739beb106dd0.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000064035 _____ C:\Users\admin24\Downloads\eb38ba37-4d47-400e-b98d-aa67631a234b.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000063906 _____ C:\Users\admin24\Downloads\ad252900-61de-439f-bdb4-a4006e8e54c2.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000062842 _____ C:\Users\admin24\Downloads\e0b6137f-2206-4f05-b520-9ef0cdc3d012.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000040311 _____ C:\Users\admin24\Downloads\b3c65a16-6f54-4612-9cad-ee187495660f.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000036022 _____ C:\Users\admin24\Downloads\8940172d-f1cc-4d79-9cae-15a924b8e8d8.tmp
2017-11-20 17:59 - 2017-11-20 18:00 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw11b4205c46f6bf35.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw61f26826b88e8b7d.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f40a24e50bf5ba4.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw320e2fc1b68b2693.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcecd404381c84626.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd7287b4b607bb835.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw66872847bd54c7c1.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe38c9274d2b33b64.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf09f785ac37744a7.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw95337822174eed40.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdb098ccc3f104527.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9d8ff2b122d58d41.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5a495692cadc2d81.tmp
C:\Users\admin24\AppData\Local\wmcaxro
C:\Windows\System32\nviamxesvc.exe
C:\Windows\system32\drivers\osv*.sys
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 


Edited by JSntgRvr, 13 December 2017 - 02:11 PM.



#6 wmb1961

wmb1961
  • Topic Starter

  • Members
  • 28 posts

Posted 14 December 2017 - 11:47 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by admin24 (14-12-2017 11:29:19) Run:1
Running from C:\Users\admin24\Downloads
Loaded Profiles: admin24 (Available Profiles: admin24)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
R3 udiskMgr; system32\drivers\osvybf.sys [X]
Task: {0633E43D-C49F-4700-AA10-A73C422F659E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {136A9B36-AEF3-4317-A5EF-5002BB40DD37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {141DE299-511F-4984-89B6-A7E02EE19B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {518CEFE7-00E1-4E57-AA64-7D714FA71D5E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {57C86841-4014-45C2-91D2-7287E91491EA} - \WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001 -> No File <==== ATTENTION
Task: {6815E339-1BDC-4A5B-891C-95C4D2E2EC1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6B1B0EC9-835F-4610-9C3A-8C65EEEE5DE9} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {75F77EF9-E26E-4C0C-AF20-FAD648CC1414} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {91FA48FC-5809-4159-8E9E-FF7A9824981C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {99EB0159-8C2A-421D-8752-A8B14834984C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A743E01F-7F64-4BCB-AD34-CBABB13FA5CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4E9704D-9097-4D60-A28B-ADC54B3209E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E910F45A-B917-4C1D-BC21-004BC5380D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F300D21E-6A3E-44BB-BC5C-71AA5B7B5160} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F4AD5594405}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0633E43D-C49F-4700-AA10-A73C422F659E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {136A9B36-AEF3-4317-A5EF-5002BB40DD37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {141DE299-511F-4984-89B6-A7E02EE19B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {518CEFE7-00E1-4E57-AA64-7D714FA71D5E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {57C86841-4014-45C2-91D2-7287E91491EA} - \WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001 -> No File <==== ATTENTION
Task: {6815E339-1BDC-4A5B-891C-95C4D2E2EC1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {75F77EF9-E26E-4C0C-AF20-FAD648CC1414} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {91FA48FC-5809-4159-8E9E-FF7A9824981C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {99EB0159-8C2A-421D-8752-A8B14834984C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A743E01F-7F64-4BCB-AD34-CBABB13FA5CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4E9704D-9097-4D60-A28B-ADC54B3209E4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E910F45A-B917-4C1D-BC21-004BC5380D42} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F300D21E-6A3E-44BB-BC5C-71AA5B7B5160} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
ShortcutTarget: MassPlanner.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
ShortcutTarget: MassPlanner2.lnk -> C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe (No File)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
2017-12-12 15:39 - 2017-12-12 15:39 - 000099404 _____ C:\Users\admin24\Downloads\d68ab740-a321-4d07-bff6-739beb106dd0.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000064035 _____ C:\Users\admin24\Downloads\eb38ba37-4d47-400e-b98d-aa67631a234b.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000063906 _____ C:\Users\admin24\Downloads\ad252900-61de-439f-bdb4-a4006e8e54c2.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000062842 _____ C:\Users\admin24\Downloads\e0b6137f-2206-4f05-b520-9ef0cdc3d012.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000040311 _____ C:\Users\admin24\Downloads\b3c65a16-6f54-4612-9cad-ee187495660f.tmp
2017-12-12 15:39 - 2017-12-12 15:39 - 000036022 _____ C:\Users\admin24\Downloads\8940172d-f1cc-4d79-9cae-15a924b8e8d8.tmp
2017-11-20 17:59 - 2017-11-20 18:00 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw11b4205c46f6bf35.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw61f26826b88e8b7d.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6f40a24e50bf5ba4.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw320e2fc1b68b2693.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswcecd404381c84626.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd7287b4b607bb835.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw66872847bd54c7c1.tmp
2017-11-20 17:59 - 2017-11-20 17:58 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe38c9274d2b33b64.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf09f785ac37744a7.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw95337822174eed40.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswdb098ccc3f104527.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw9d8ff2b122d58d41.tmp
2017-11-20 17:59 - 2017-11-20 17:57 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\asw5a495692cadc2d81.tmp
C:\Users\admin24\AppData\Local\wmcaxro
C:\Windows\System32\nviamxesvc.exe
C:\Windows\system32\drivers\osv*.sys
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
udiskMgr => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\udiskMgr" => removed successfully
udiskMgr => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0633E43D-C49F-4700-AA10-A73C422F659E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0633E43D-C49F-4700-AA10-A73C422F659E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{136A9B36-AEF3-4317-A5EF-5002BB40DD37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{136A9B36-AEF3-4317-A5EF-5002BB40DD37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{141DE299-511F-4984-89B6-A7E02EE19B1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{141DE299-511F-4984-89B6-A7E02EE19B1E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{518CEFE7-00E1-4E57-AA64-7D714FA71D5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{518CEFE7-00E1-4E57-AA64-7D714FA71D5E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57C86841-4014-45C2-91D2-7287E91491EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57C86841-4014-45C2-91D2-7287E91491EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3609396728-1424491989-2649479348-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6815E339-1BDC-4A5B-891C-95C4D2E2EC1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6815E339-1BDC-4A5B-891C-95C4D2E2EC1A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B1B0EC9-835F-4610-9C3A-8C65EEEE5DE9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1B0EC9-835F-4610-9C3A-8C65EEEE5DE9}" => removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75F77EF9-E26E-4C0C-AF20-FAD648CC1414}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F77EF9-E26E-4C0C-AF20-FAD648CC1414}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91FA48FC-5809-4159-8E9E-FF7A9824981C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91FA48FC-5809-4159-8E9E-FF7A9824981C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99EB0159-8C2A-421D-8752-A8B14834984C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99EB0159-8C2A-421D-8752-A8B14834984C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A743E01F-7F64-4BCB-AD34-CBABB13FA5CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A743E01F-7F64-4BCB-AD34-CBABB13FA5CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3443AC2-E7B5-4A1B-A46A-2B96FE40DB61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4DCBF84-13DD-4CC2-B6C9-74DF931B88C9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4E9704D-9097-4D60-A28B-ADC54B3209E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4E9704D-9097-4D60-A28B-ADC54B3209E4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD2BE092-DBEB-4BFE-9ACF-D5B7F69E8865}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E910F45A-B917-4C1D-BC21-004BC5380D42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E910F45A-B917-4C1D-BC21-004BC5380D42}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F300D21E-6A3E-44BB-BC5C-71AA5B7B5160}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F300D21E-6A3E-44BB-BC5C-71AA5B7B5160}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-3609396728-1424491989-2649479348-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F4AD5594405}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0633E43D-C49F-4700-AA10-A73C422F659E}" => removed successfully
C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe => not found.
C:\Users\admin24\AppData\Roaming\MassPlanner2\MassPlannerNew.exe => not found.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => removed successfully
 
"C:\Users\admin24\AppData\Local\wmcaxro" folder move:
 
Could not move "C:\Users\admin24\AppData\Local\wmcaxro" => Scheduled to move on reboot.
 
C:\Windows\System32\nviamxesvc.exe => moved successfully
 
=========== "C:\Windows\system32\drivers\osv*.sys" ==========
 
not found
 
========= End -> "C:\Windows\system32\drivers\osv*.sys" ========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name       Frame   SprtFtrs  VlStatus
--------------------  -------------------------------------  ------------  ----------------------  -----   --------  --------
FileInfo              \Device\HarddiskVolume1                    45000     FileInfo                  0     00000003  
FileInfo              \Device\HarddiskVolume2                    45000     FileInfo                  0     00000003  
FileInfo                                                         45000     FileInfo                  0     00000003  
FileInfo              C:                                         45000     FileInfo                  0     00000003  
FileInfo                                                         45000     FileInfo                  0     00000003  
FileInfo                                                         45000     FileInfo                  0     00000003  
FileInfo              \Device\Mup                                45000     FileInfo                  0     00000003  
WdFilter              \Device\HarddiskVolume1                   328010     WdFilter Instance         0     00000003  
WdFilter              \Device\HarddiskVolume2                   328010     WdFilter Instance         0     00000003  
WdFilter                                                        328010     WdFilter Instance         0     00000003  
WdFilter              C:                                        328010     WdFilter Instance         0     00000003  
WdFilter                                                        328010     WdFilter Instance         0     00000003  
WdFilter                                                        328010     WdFilter Instance         0     00000003  
WdFilter              \Device\Mup                               328010     WdFilter Instance         0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                   C:                                         40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
Wof                                                              40700     Wof Instance              0     00000003  
luafv                 C:                                        135000     luafv                     0     00000003  
nkgsowl               C:                                         45666     nkgsowl Instance          0     00000000  
nkgsowl               \Device\Mup                                45666     nkgsowl Instance          0     00000000  
npsvctrig             \Device\NamedPipe                          46000     npsvctrig                 0     00000000  
udiskMgr              \Device\HarddiskVolume1                    45888     udiskMgr Instance         0     00000000  
udiskMgr              \Device\HarddiskVolume2                    45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              C:                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr                                                         45888     udiskMgr Instance         0     00000000  
udiskMgr              \Device\Mup                                45888     udiskMgr Instance         0     00000000  
wcifs                 C:                                        189900     wcifs Instance            0     00000000  
 
========= End of CMD: =========
 
 
========================= Folder: C:\Windows\System32\Drivers ========================
 
2016-07-16 06:41 - 2016-07-16 06:41 - 000016384 ____A [3B9F315E7FA72CC25228EB097DD9C694] (Microsoft Corporation) C:\Windows\System32\Drivers\hyperkbd.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000114176 ____A [B54B30992620C97230013A74461C8517] (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000033280 ____A [C6B8743B213F06AA60943D8366FE968F] (Intel® Corporation) C:\Windows\System32\Drivers\iagpio.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000081408 ____A [9A2A2F3C69B9A30B6E78536F6D258BAD] (Intel® Corporation) C:\Windows\System32\Drivers\iai2c.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000064512 ____A [5A0E850F8CD17791A3E6A3CF81D0CA28] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSS2i_GPIO2.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000176384 ____A [7508F1096803385D6376BFD0BD473AC4] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSS2i_I2C.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000038128 ____A [16A10CCEDCF5AC4CAAE43DC9FC40392F] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000113152 ____A [EB82A11613326691508D9ED9A4FE29E7] (Intel Corporation) C:\Windows\System32\Drivers\iaLPSSi_I2C.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000673120 ____A [97E553D03219D3D51705C7235D9EAEBD] (Intel Corporation) C:\Windows\System32\Drivers\iaStorAV.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000412000 ____A [8350FE3BCDE3428BC040877BB7E9EAEB] (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000526176 ____A [3BA03F7C7700DDF4C383DDE9252F5817] (Mellanox) C:\Windows\System32\Drivers\ibbus.sys
2016-05-03 22:30 - 2016-05-03 22:30 - 003811288 ____A [9CE4D3A79D3180AC5A141E2F7E7137F4] (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000035840 ____A [2A01C96DF5802D3434634E55C91232D8] (Microsoft Corporation) C:\Windows\System32\Drivers\IndirectKmd.sys
2015-08-21 10:50 - 2015-08-21 10:50 - 000463112 ____A [87871AB7AC797F922A6F3D4C874CED96] (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys
2013-12-26 18:38 - 2013-12-26 18:30 - 000038296 ____A [F0F581A2299CB2BAB1DF2597BCDDB80F] (Intel Corporation) C:\Windows\System32\Drivers\intelaud.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000019296 ____A [9F7E87F6595D065A8A200A291043045E] (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000048152 ____A [A6BD2E20AE1BC5CB2776C87C28E4F4CA] (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000134144 ____A [2A48DA39542636DB0FA3BA915385D1B3] (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2017-01-24 11:45 - 2016-11-02 05:55 - 000048992 ____A [DB32758F3A7F6CCE81A5430080A2EA65] (Microsoft Corporation) C:\Windows\System32\Drivers\iorate.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000085504 ____A [FE85D0A86CA7A5A99CF8CD04DE7F80AE] (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2017-03-14 16:19 - 2017-03-04 02:24 - 000090976 ____A [10D01A3657AC8E8004C83D613163DE1E] (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000212480 ____A [F1DAECC3B3D6399875D4F10529D6A77C] (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000120320 ____A [7475A2903BB704B446AA6309E34D3362] (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000019456 ____A [9725E7F0C64CE9916A5CDABE8D6E13C3] (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000022880 ____A [58040898883A96160D41739C80328BBF] (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2015-12-01 14:50 - 2015-12-01 14:46 - 000038896 ____A [48B904D31F2369D7B0122617038D3F5B] (Intel Corporation) C:\Windows\System32\Drivers\iwdbus.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000062304 ____A [210808437570BDDEE71A43535E3A2D30] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2016-10-03 08:24 - 2016-10-03 08:24 - 000039424 ____A [0B779E9FC426CA2268D28181FA6C222F] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000025088 ____A [813BA3EB2CE038F2A5382DDD75CAD60B] (Microsoft Corporation) C:\Windows\System32\Drivers\kdnic.sys
2017-03-14 16:21 - 2017-03-04 01:28 - 000394752 ____A [4B1EE87B479078CA9C366689A70C9137] (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2017-10-11 08:31 - 2017-09-17 22:09 - 000133984 ____A [251F05F5F617C88DF7491441671720DA] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-10-11 08:30 - 2017-09-17 22:05 - 000168800 ____A [B88617822DA473114DE754A2A312A8C5] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000026112 ____A [4ED115CD1A1099705F56B5E0FFF97CC6] (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000066048 ____A [5933A6673F00D8255C52957E40C2D601] (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2017-11-20 18:00 - 2017-11-20 18:00 - 000061304 ____A [FB9372BC10F162645F64884A47B5F79D] () C:\Windows\System32\Drivers\lpsport.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000108896 ____A [8E1B0946948CCC0BC1FA3CB70374A795] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000105824 ____A [4F68163FC04C973500DC4DA0946917B0] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2i.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000101216 ____A [E5AC5F2815938651CDCC27F425474673] (Avago Technologies) C:\Windows\System32\Drivers\lsi_sas3i.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000082776 ____A [CCF6EC9FB9B8F18E05B4253E81013E48] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sss.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000125952 ____A [C9579D32219E5B936AC3A48D470117EC] (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2012-10-26 15:42 - 2012-10-26 15:42 - 000266828 ____A [835C775A6871D2A2EA6FC343B6B4C9A2] () C:\Windows\System32\Drivers\LVAFT.cfg
2012-10-26 15:42 - 2012-10-26 15:42 - 000026784 ____A [81F2B52C47B8AD32CC4FF967FC8D73DA] (Logitech Inc.) C:\Windows\System32\Drivers\lvbflt64.sys
2012-10-26 15:42 - 2012-10-26 15:42 - 000351520 ____A [A0A527569856B9814E8920F52EBB67F5] (Logitech Inc.) C:\Windows\System32\Drivers\lvrs64.sys
2012-10-26 15:42 - 2012-10-26 15:42 - 004758176 ____A [415E344294D1C0D04627B29146F68481] (Logitech Inc.) C:\Windows\System32\Drivers\lvuvc64.sys
2017-12-04 12:10 - 2017-12-08 17:29 - 000077432 ____A [680AF1647150CF9B061FF40E71C7396A] () C:\Windows\System32\Drivers\mbae64.sys
2017-12-04 12:11 - 2017-12-13 10:59 - 000192952 ____A [24C3F7C13C2490BFE9CD6AC40B9EAA5E] (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2017-12-04 12:10 - 2017-12-12 15:19 - 000119000 ____A [F24BD06AE917F57408999F79E91FD6BC] (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000022528 ____A [4B3FFAC848A89681180A48D0EC13A4A3] (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000059744 ____A [C3CDCCF07486BD2616A7B82946E07AC0] (Avago Technologies) C:\Windows\System32\Drivers\megasas.sys
2017-01-24 11:44 - 2016-10-05 05:09 - 000064352 ____A [2CF0CB2A0ED68C5455371E84C16F9627] (Avago Technologies) C:\Windows\System32\Drivers\MegaSas2i.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000575840 ____A [FADB2FE017E69EECE0E1BA78661C2E8C] (LSI Corporation, Inc.) C:\Windows\System32\Drivers\megasr.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000842584 ____A [FD60818B66B2E8A5415EA840E99A9D8F] (Mellanox) C:\Windows\System32\Drivers\mlx4_bus.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000048128 ____A [68F6977F1CFBAAC770D940A8C0326FA1] (Microsoft Corporation) C:\Windows\System32\Drivers\mmcss.sys
2017-01-24 11:44 - 2016-11-11 04:26 - 000042496 ____A [0D50B3F3AB32D416786B58D4553859CE] (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000038400 ____A [9CCCB7FC3EDADEBA461D78615A6011A6] (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000059232 ____A [27A07B2FB2E3057DA8DAEA4F25D843C7] (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000032256 ____A [7BD6E7F7C9001AB21B8362CFFEE80B25] (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000104800 ____A [F5BDAEE4B7D369D4C74668DCFBA3FF10] (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000075776 ____A [30844BD376F9D01E62C820BEF446F1F8] (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2017-01-24 11:45 - 2016-10-05 04:20 - 000143872 ____A [25D32BE04FE0A23FDF57FD5382757672] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2017-09-12 16:24 - 2017-08-08 00:52 - 000450400 ____A [F4A3EFC57F7A5406565E6519B25A4C31] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-10-11 08:32 - 2017-09-17 21:26 - 000283136 ____A [E0AC54C9EEF2C8B14363B256CB0B281C] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-10-11 08:31 - 2017-09-17 22:01 - 000223072 ____A [87B9D4998D9CA0DBB6CA01BB2C28857D] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000031232 ____A [F01B849D9D4A8CEAF32D4FDBD0B83C92] (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2015-12-03 10:58 - 2015-12-03 10:58 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-10-03 04:40 - 2016-10-03 04:40 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-23 12:57 - 2015-11-23 12:57 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-30 02:18 - 2015-10-30 02:18 - 000000003 ____N [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_Kernel_01017_Inbox_Critical.Wdf
2016-07-16 06:42 - 2016-07-16 06:42 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_Kernel_01019_Inbox_Critical.Wdf
2016-07-16 06:42 - 2016-07-16 06:42 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-07-16 06:42 - 2016-07-16 06:42 - 000168800 ____A [DDD8A8CDDC7F13EF57D1DAAE71865936] (Microsoft Corporation) C:\Windows\System32\Drivers\msgpioclx.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000050528 ____A [22ECD8F5D1DFADF2011BBB1700CB871D] (Microsoft Corporation) C:\Windows\System32\Drivers\msgpiowin32.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000008704 ____A [FD870F6968A145E4D2BA8A8842686B03] (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000011776 ____A [30364757963A028CE5DF0FBAAC270173] (Microsoft Corporation) C:\Windows\System32\Drivers\mshidumdf.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000018784 ____A [6BB0FEDDAE7135FA37FFAFF4D9E0E876] (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2017-08-11 13:24 - 2017-07-12 00:56 - 000277856 ____A [3C97BBD57E92F76A079338DE6F8317C6] (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2017-03-14 16:21 - 2017-03-04 01:36 - 000027136 ____A [4586CDA25B7866DD9505CEECF9DB3C74] (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000078336 ____A [642CDE46351D5D2D90311E77072AB46D] (Microsoft Corporation) C:\Windows\System32\Drivers\mslldp.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000010752 ____A [F2302A5CE63CA7673200FAFCEEEDB6AF] (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000010752 ____A [6114512EA26E835BA522C63635429DB5] (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000361312 ____A [AA538E16E644D00E3BA5349BBA9598EC] (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000043360 ____A [0543BEFD41EC4D25C7F7CF36409CEC7D] (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000012800 ____A [C1569E4DB8EFE3617847BF041A3C842F] (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000015872 ____A [130B16970154BA9876B09E5C4BAC63BE] (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2017-07-11 19:44 - 2017-06-21 02:50 - 000126304 ____A [A2A906C0D38BFE1D780251D044BDBD4D] (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000063840 ____A [3D2C5B4995CA0751D32DEA0DE9FDFE44] (Marvell Semiconductor, Inc.) C:\Windows\System32\Drivers\mvumis.sys
2016-11-22 17:12 - 2012-11-08 06:00 - 000019968 ____A [C983834933213967B1F903535F2EA4C9] (Marvell Semiconductor, Inc.) C:\Windows\System32\Drivers\mvusbews.sys
2017-11-09 11:55 - 2017-12-04 12:11 - 000094144 ____A [482F6D603BDCC825768D86D8228BD65F] (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000108896 ____A [629CB21AC49C8867E0F29DF1C16DB7B4] (Mellanox) C:\Windows\System32\Drivers\ndfltr.sys
2017-08-11 13:23 - 2017-07-12 01:09 - 001181024 ____A [42A3B76320D483D443A60661FE1FEF14] (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000050176 ____A [6DD605338FAAF6BA17662AA874E0D162] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000126464 ____A [E34196F285F8B8879E1FF36C31F7179E] (Microsoft Corporation) C:\Windows\System32\Drivers\NdisImPlatform.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000026112 ____A [1FAD2398673F30CEC616B89C46B7DCBA] (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000063488 ____A [AEB8ECBE66CC46854066CB1F5623E179] (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000020480 ____A [7340104C2BF2F126714F7CDE85E63610] (Microsoft Corporation) C:\Windows\System32\Drivers\NdisVirtualBus.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000189440 ____A [07ADC1F8DCBEB8104D75129B11584B8C] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000060928 ____A [78A12E3DF035B5D054986949B19BE43C] (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000125440 ____A [04C8859355C1DC9C0FA198D1894D71C2] (Microsoft Corporation) C:\Windows\System32\Drivers\Ndu.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000090624 ____A [6C76780A01FC2B885BD6E957B5C36B02] () C:\Windows\System32\Drivers\NetAdapterCx.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000057184 ____A [5D1513BD6430307C9DB86C6E351372ED] (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2017-09-12 16:23 - 2017-09-07 00:18 - 000279040 ____A [C2B9D1E69B332210E87C22CD94665BA3] (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2017-07-11 19:45 - 2017-07-07 02:37 - 000468320 ____A [C812334F81C4F9D381BFDEA99AEDCF4F] (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2017-10-11 08:31 - 2017-09-14 17:16 - 000068608 ____A [31D6A36A2C99FC5D4666C1716B750B61] (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000026624 ____A [90F5DC9802AAA00CD0B6E2AD9E7FFADC] (Microsoft Corporation) C:\Windows\System32\Drivers\npsvctrig.sys
2017-09-12 16:24 - 2017-09-07 00:20 - 000077824 ____A [7C6C3B9E771A7BE2924FEF1A42942841] (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2017-10-11 08:30 - 2017-09-17 22:08 - 002253664 ____A [8CC4AA76C7BCF7266A4BAF1ED9878700] (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2016-07-16 06:43 - 2016-07-16 06:43 - 000019296 ____A [E31D26BFF5D52D1C405C3EC53BECB5FC] (Microsoft Corporation) C:\Windows\System32\Drivers\ntosext.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000007168 ____A [6E6DD6F9DD2A034CF85E94047DBDB992] (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000150368 ____A [D261DF41F0840F734856A2B4F5E072C7] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000166240 ____A [23B702B555EB0436B9DAA0BC63DA65CE] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2017-10-11 08:31 - 2017-09-17 21:28 - 000536064 ____A [10200887FD2B3BDCEAA9453B939BB643] (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2017-08-11 13:23 - 2017-07-12 01:00 - 000160608 ____A [B621114B8D1E9256DC1BFD6BA2F4DE69] (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000096768 ____A [6B81BF7853D161DB8AC62CD8B9C2DE6B] (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2017-03-14 16:21 - 2017-03-04 02:20 - 000128352 ____A [0553ECB742278C8F4CFA28B43FF20EAD] (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-01-24 11:45 - 2016-12-14 00:18 - 000335712 ____A [29AF16726F4DD84376ECA85AB6AFF2C6] (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000016224 ____A [214DCC87E3898F738075D1341252A552] (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000052576 ____A [9DB6061AB33BCD62B3C52AB8631E1F8D] (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000118112 ____A [AED76A3333B3A31536E430020E0226FC] (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000051552 ____A [E63FB38B6E75B39467492FBAD2CD512A] (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2017-07-11 19:45 - 2017-07-07 02:44 - 000108896 ____A [382D493B91B816D12C6F775E7896ED29] (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000723968 ____A [1509A77F840AA9E72CF8247D0CF2FBDE] (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000058720 ____A [540116170E2135FCD5DDE77702166B67] (Avago Technologies) C:\Windows\System32\Drivers\percsas2i.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000061792 ____A [8356F87553BF49C703CF382033815898] (Avago Technologies) C:\Windows\System32\Drivers\percsas3i.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000366592 ____A [90974673B711A6EDB92E8495096AFF4D] (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000119808 ____A [372913E12677A8CBBBABDD8311894F9D] (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000048640 ____A [819602BBBFDB0BD46DEA3715BF0DD452] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2016-05-19 08:33 - 2016-05-19 08:33 - 000001198 ____A [DB3D1AB2CD2B79A0001067DD05F50D16] () C:\Windows\System32\Drivers\ramps_0x01020200_26.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001192 ____A [CD6DF26779391249E47F44019774289D] () C:\Windows\System32\Drivers\ramps_0x01020200_26_0x01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001204 ____A [F23FF7745864FFB9E1E1DE3168FC3E6D] () C:\Windows\System32\Drivers\ramps_0x01020200_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001242 ____A [01CC2DD3F99B8FACD60BABADF8B0FED3] () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001204 ____A [381325425A9C9DC0BC20F609DF48AC5D] () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x02.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001214 ____A [9AD783B49E99A2C99215EDFF778B8F03] () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x03.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001228 ____A [E6873A86337E2DEF9C40ADC4F407E9CA] () C:\Windows\System32\Drivers\ramps_0x01020200_40_0x04.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000264 ____A [9F32800CCD549C95E804C4D57AEBE68F] () C:\Windows\System32\Drivers\ramps_0x01020201_26.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000264 ____A [CE987989062793521AEB172E8063557A] () C:\Windows\System32\Drivers\ramps_0x01020201_26_0x01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000264 ____A [9F32800CCD549C95E804C4D57AEBE68F] () C:\Windows\System32\Drivers\ramps_0x01020201_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000296 ____A [CE6BA9D4BE0C9203D8EFDF6E1EC566CA] () C:\Windows\System32\Drivers\ramps_0x01020201_40_0x01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000264 ____A [B2526DDA23D0377A62A524A8A4AC6EB8] () C:\Windows\System32\Drivers\ramps_0x01020201_40_0x02.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000264 ____A [CE987989062793521AEB172E8063557A] () C:\Windows\System32\Drivers\ramps_0x01020201_40_0x03.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000000278 ____A [AD503BE1AA5BEFC8F162E36B4A69F503] () C:\Windows\System32\Drivers\ramps_0x01020201_40_0x04.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001796 ____A [CF45DF3EFE6E9DA1D1CC446E1849E084] () C:\Windows\System32\Drivers\ramps_0x11020000_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001802 ____A [74F808743FD0A213EF7BA178281E6B87] () C:\Windows\System32\Drivers\ramps_0x11020100_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001802 ____A [8164BCEF2372D0DA05189228DE542157] () C:\Windows\System32\Drivers\ramps_0x11020100_40_nf01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001802 ____A [74F808743FD0A213EF7BA178281E6B87] () C:\Windows\System32\Drivers\ramps_0x11020100_40_SS01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001926 ____A [9AB15C458A31652A0C37844E949D8AAA] () C:\Windows\System32\Drivers\ramps_0x31010000_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [4C49839CC4B2A7D56D430C2AE3E44075] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0x01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001926 ____A [647734C833AEC03CA8384DB217A50E64] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0x11.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [BB91E21A9D348D0271E9783D39415B47] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0x12.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001926 ____A [9AB15C458A31652A0C37844E949D8AAA] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0x21.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [4C49839CC4B2A7D56D430C2AE3E44075] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0x22.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001926 ____A [DDBA089F9F78DBF4537C5D4A54784571] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0xf0.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [A20C6722CE003F62EFEB73D589B724C3] () C:\Windows\System32\Drivers\ramps_0x31010000_40_0xf1.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [4C49839CC4B2A7D56D430C2AE3E44075] () C:\Windows\System32\Drivers\ramps_0x31010000_40_LV01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001516 ____A [BB91E21A9D348D0271E9783D39415B47] () C:\Windows\System32\Drivers\ramps_0x31010000_40_SS01.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001922 ____A [2B4AA982382AA2BB19EF5477729A6A82] () C:\Windows\System32\Drivers\ramps_0x31010100_40.dfu
2016-05-19 08:33 - 2016-05-19 08:33 - 000001512 ____A [0C2265A2F0085B669251EC82365F7623] () C:\Windows\System32\Drivers\ramps_0x31010100_40_0x01.dfu
2016-07-16 06:42 - 2016-07-16 06:42 - 000017408 ____A [CDF47037A0939F56D11F699629C276AD] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000104960 ____A [17E565710172ED71B8531D8822E1C5D1] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2017-05-10 08:20 - 2017-04-27 19:03 - 000081408 ____A [726857E441D1D67F57694A1B613ABD34] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000096256 ____A [5645B9D9788CCA2C88B9534996ED2D6D] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000077824 ____A [F0F4EEDEEBEE7A4244FAFB96A16B5712] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2017-10-11 08:31 - 2017-09-17 22:01 - 000431456 ____A [3B80AAAEC3A3DD308DBE7B0775013E10] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2016-07-16 06:41 - 2016-07-16 09:27 - 000026112 ____A [79A415E6FA915EFC00297DAB16EC2635] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2016-07-16 06:44 - 2016-07-16 09:27 - 000177152 ____A [7135785C21CA79D270D11037C43D3F19] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2016-07-16 06:43 - 2016-07-16 09:27 - 000029536 ____A [97A61A3CB2B5CB4FC32B3224EF333448] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000267104 ____A [69BB204AE07EE84ECFAB1BF13C4BD04B] (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000928608 ____A [940D6F5A2B0A61EE4170DF84F6C95C20] (Microsoft Corporation) C:\Windows\System32\Drivers\refsv1.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000070144 ____A [EEC3A4A98AE1A337E3CD1483AD6F2E15] (Microsoft Corporation) C:\Windows\System32\Drivers\registry.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000183808 ____A [E82F3B1918C6A5FE6EB761CDF1E772AF] (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000039936 ____A [F1B39876ACD81A84583F5DC1B98F2CAF] (Microsoft Corporation) C:\Windows\System32\Drivers\RfxVmt.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000147968 ____A [E670C3BC3F743C0C553D6E20DDC28022] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000034304 ____A [74B114E490D5C774D466EA0F6AF7A36D] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2017-07-11 19:46 - 2017-06-21 02:03 - 000013312 ____A [41D44684319F075F52B18E5C2EB23F6E] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2016-07-16 06:42 - 2016-07-16 06:42 - 000081408 ____A [5FF28F097C9699097B473F8FC7C1AA7D] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2016-07-16 06:41 - 2016-07-16 06:41 - 000589824 ____A [F9265C902BB9146C6BFF97BDF35C04DE] (Realtek ) C:\Windows\System32\Drivers\rt640x64.sys
2015-06-26 00:45 - 2015-06-26 00:45 - 002880873 ____A [2969708DAC7DB9A4FDC2DD706FDE1096] () C:\Windows\System32\Drivers\RTAIODAT.DAT
2015-08-03 23:21 - 2015-08-03 23:21 - 004518136 ____A [48AC5F706780BCC34811EA89A0727189] (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2015-03-25 18:16 - 2014-01-03 15:33 - 000271064 ____A [14182642967B8751F3717E94FC90DF48] (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsUStor.sys
2015-06-26 00:45 - 2015-06-26 00:45 - 005804772 ____A [7D7FBC9504575D97885A858EA93684F5] () C:\Windows\System32\Drivers\rtvienna.dat
2016-10-03 04:40 - 2016-10-03 04:40 - 000188557 ____A [7ACFCDA199BB242556933AB53572948C] () C:\Windows\System32\Drivers\rtwaves40.dat
2016-10-03 04:40 - 2016-10-03 04:40 - 000031095 ____A [DE8F1C08787A9C00BCCE541545372ABA] () C:\Windows\System32\Drivers\rtwavesEFX.dat
2016-10-03 04:40 - 2016-10-03 04:40 - 000010945 ____A [B999812ACF16518997420F1A821170B8] () C:\Windows\System32\Drivers\rtwavesMFX.dat
2016-10-03 04:40 - 2016-10-03 04:40 - 001019725 ____A [B9A596312DCFE615C48E8495D8B8C850] () C:\Windows\System32\Drivers\rtwavesskdy.dat
2016-10-03 04:40 - 2016-10-03 04:40 - 000017972 ____A [43AC934152B6DDA0ACA0D89F6B33FC44] () C:\Windows\System32\Drivers\rtwavesvpcap.dat
2016-07-16 06:41 - 2016-07-16 06:41 - 000110432 ____A [5E73FB63E2DBC75FE0C17DEB0010CE0E] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2016-07-16 09:13 - 2016-07-16 09:13 - 000008704 ____A [501A194EB14FEC1FF7C9269A38621FE2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\synth3dvsc.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000109568 ____A [7564FD0093D1F86F0967DD75D7ADDF30] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tcpip.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000008704 ____A [AD40E96E1C2D23F577C482B9AE7742AE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tpm.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000003584 ____A [63A3F6DFBC169E4D1AB75FB4F47E17AC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tsusbflt.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000008192 ____A [087B3EDAE471E5ACFDACAFA72E2102C2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tunnel.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000012800 ____A [46356705E6262C77E803DE28E5537A99] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ucx01000.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000003584 ____A [84782ADEEBC5FFF83E5E7F9399B9F232] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\umbus.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003584 ____A [2362F062F0E198E643750969FB35FBFD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbehci.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000014848 ____A [B2ACE39B5434F3EEBFE4D4F5EE8FEB0F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbhub.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000022016 ____A [1FE6F1F0D68407545563123DF2448DC9] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBHUB3.SYS.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000026624 ____A [F9C8EAD0F89F05BFD5CF80F7933A65B5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbport.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000002560 ____A [B3E7BA725DFF95A635F5024B06EE1910] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbrpm.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003072 ____A [EDEF592C765E6AC30219A17E140E0FA1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbstor.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000003072 ____A [72AD86677FDF8BFD5A302F99BAD56372] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbvideo.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000015360 ____A [BDFCEDA7A9966FB28CE34F4DD9156F66] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\USBXHCI.SYS.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000011264 ____A [16B56D1DDBA864EE63E7EA8687E1FE57] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vdrvroot.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000011264 ____A [6DA7A2B38058427A729F2A51E7EBB510] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhdmp.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000003072 ____A [ED1A076B268B7B9084D3CB473A9414F4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhf.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003072 ____A [F936681C9053701411303AF8390EE0BD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vmbus.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000006144 ____A [4F9116078454132D691B89BD65789B3A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vmstorfl.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000002560 ____A [D9E814CC3074F6ED9AE6A382F28199EA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgr.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003072 ____A [E49A2D76D8786BA63D056F5FBBF50290] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgrx.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000004608 ____A [DEDE18849D7B54372F55FA68EB066E3E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wacompen.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003584 ____A [E4E0C6D290D206DFF6AA5E478F90BBE8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wdf01000.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000003584 ____A [CD53D6F1F9048846BBEEE9429F919DC4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wfplwfs.sys.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000015872 ____A [4D37543D6E7E197368CFFB96C6F93A98] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wmbclass.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000005632 ____A [685AC20827B8B9221E74BBEABAB91017] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wof.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000002560 ____A [432B60195885B458C8956A07869093B6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\WpdUpFltr.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000002560 ____A [38FF35D9728BDAF9CA2A11789BCBC439] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ws2ifsl.sys.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003072 ____A [04B52CF6C886EF61565D4C70504CC95F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wudfpf.sys.mui
2016-07-16 06:47 - 2017-11-10 16:11 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\etc
2013-08-22 08:25 - 2017-11-20 18:00 - 000450637 ___RA [4D0D1F062196C495814DB57CDB2EC55A] () C:\Windows\System32\Drivers\etc\hosts
2017-11-10 16:11 - 2017-11-08 14:08 - 000000886 ____A [0CAFCB3988D86067BE5C5CC5E6EAF4AC] () C:\Windows\System32\Drivers\etc\hosts.20171110-161139.backup
2017-11-08 13:21 - 2017-09-24 12:09 - 000000883 ____A [B19027387B910EB3E21C60F406C033F2] () C:\Windows\System32\Drivers\etc\hosts.old
2016-07-16 06:47 - 2016-07-16 06:45 - 000003683 ____A [18413B90E1B291EC3E777A845C37CFEE] () C:\Windows\System32\Drivers\etc\lmhosts.sam
2013-08-22 08:25 - 2013-08-22 08:25 - 000000407 ____A [B65A1232FB4B35827CE7C5E2F8EC8947] () C:\Windows\System32\Drivers\etc\networks
2013-08-22 08:25 - 2013-08-22 08:25 - 000001358 ____A [7700D22FA108234E623D65FA72D9E29C] () C:\Windows\System32\Drivers\etc\protocol
2013-08-22 08:25 - 2013-08-22 08:25 - 000017463 ____A [D9E1A01B480D961B7CF0509D597A92D6] () C:\Windows\System32\Drivers\etc\services
2016-07-16 06:47 - 2017-03-17 10:33 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF
2016-07-16 06:41 - 2016-07-16 06:41 - 000086016 ____A [2E12B2154CBFDB05EDC2F5C2F3B341F2] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\EhStorPwdDrv.dll
2016-07-16 06:41 - 2016-07-16 06:41 - 000060928 ____A [B827151EFCE226CCFE83013028FA2A74] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\HidBthLE.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000158720 ____A [695764E641CE4FE20DCA469A1C492098] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\IddCx.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000701440 ____A [588400DDD26599FD6E4F70AE357F733D] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\NfcCx.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000027136 ____A [8660B50584829D60B2CD99FF0EEBC63E] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\PosCx.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000153088 ____A [787D7D42A54E1C37504D4C531F1851DA] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\SensorsCx.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000097280 ____A [8A2C49153B709013309FD8D68854738C] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\UcmCx.dll
2016-07-16 06:41 - 2016-07-16 06:41 - 000287232 ____A [B5F9D807CB3C304391051608B2E6FA9E] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdFs.dll
2016-07-16 06:41 - 2016-07-16 06:41 - 000947200 ____A [C0702542C702113E2BE9C40CD72F1B2E] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdMtpDr.dll
2016-07-16 09:14 - 2016-07-16 09:14 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\en-US
2016-07-16 09:13 - 2016-07-16 09:13 - 000004608 ____A [1E7567C536F1CA08DCD51EF1CAA2F5AC] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\HidBthLE.dll.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000002560 ____A [3E7AA797348EF15872DC44C80F24D2C8] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\hidscanner.dll.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000007168 ____A [D85B31189C8BA21DA5EC44376B4B2AAC] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\IddCx.dll.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000010752 ____A [00FEECBABCE7ACCDDEFF0BF9C52C0BB8] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\idtsec.dll.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000010752 ____A [B8D0FC6459B5C605C0F62CAF3082243D] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\mgtdyn.dll.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000006656 ____A [769B5E00683BDB521D263FE6416530ED] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\NfcCx.dll.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000002560 ____A [131F81B844713CC330B0B160C7F92D9C] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\SensorsCx.dll.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003584 ____A [A7013B1999D751D2F7F22058845B7817] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\SensorsHid.dll.mui
2016-07-16 09:13 - 2016-07-16 09:13 - 000003072 ____A [38DBDFBA7295BD43DC7188C1C381C342] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WpdMtpDr.dll.mui
2016-07-16 09:12 - 2016-07-16 09:12 - 000007168 ____A [536F323B8C3EFD4B6ABFA1B7CDC4DC18] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
 
====== End of Folder: ======
 
 
========= Reg query "HKLM\SYSTEM\Select" =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x1
 
 
 
========= End of Reg: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3609396728-1424491989-2649479348-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {DD971389-6E5F-4958-8961-552DC7288711}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13041241 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 300438887 B
Edge => 19536 B
Chrome => 76729266 B
Firefox => 44609410 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 38910 B
admin24 => 142936222 B
 
RecycleBin => 102 B
EmptyTemp: => 551.1 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-12-2017 11:42:40)
 
"C:\Users\admin24\AppData\Local\wmcaxro" => Could not move
 
==== End of Fixlog 11:42:41 ====


#7 JSntgRvr


Posted 14 December 2017 - 02:26 PM

We will need to run the fix in the Recovery console. It will be useful, if not necessary, to use another computer to download FRST and the fix to a USB flash drive. The infection is targeting FRST.

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please also download the attached file [attachment=200511:Fixlist.txt] and save it in the same location the FRST64 is saved in the flash drive.

Insert the USB drive in the infected computer.

Boot to the Recovery Console's Command prompt.

Entry points into the Windows Recovery Environment (WinRE).

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (Fixlog.txt) in the flash drive. Please copy and paste it to your reply.

 

 


Edited by JSntgRvr, 14 December 2017 - 02:34 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 wmb1961


Posted 15 December 2017 - 12:14 PM

Sorry for my ignorance but your instructions say after downloading the 2 files to my flash drive to plug the flash drive into the infected computer and then 

 

Boot to the Recovery Console's Command prompt.

 

But you don't say how to do that or even what a Recovery Console is or where to find it.

 

Please help



#9 JSntgRvr


Posted 15 December 2017 - 01:29 PM

You can access WinRE features through the Boot Options menu, which can be launched from Windows in a few different ways:

  • Option 1: From the login screen, click Shutdown, then hold down the Shift key while selecting Restart.
  • Option 2: In Windows 10, select Start > Settings > Update & security > Recovery > under Advanced Startup, click Restart now.
  • Option 3: Boot to recovery media.
  • Option 4: Use a hardware recovery button (or button combination) configured by the OEM (Computer Manufacturer).

 

Would any of this do? WinRE is the Recovery Environment in Windows 10.




#10 JSntgRvr


Posted 15 December 2017 - 01:49 PM

If still unable to boot in WinRE, boot the infected computer in Normal Mode.

  • Highlight the entire content of the quote box below.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Then attempt to boot to the Recovery Environment. Here is better information, thanks to Aura:

 

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

 




#11 wmb1961


Posted 19 December 2017 - 04:37 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by admin24 (19-12-2017 16:35:24) Run:2
Running from C:\Users\admin24\Downloads
Loaded Profiles: admin24 (Available Profiles: admin24)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 16:35:28 ====


#12 JSntgRvr


Posted 19 December 2017 - 05:28 PM

Are you able to boot to the Recovery Environment? If you are, follow these steps:

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Also download the enclosed file, [attachment=200650:Fixlist.txt]  and save it next to FRST64 in the flash drive.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt


  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

 

 


Edited by JSntgRvr, 19 December 2017 - 05:29 PM.



#13 wmb1961


Posted 21 December 2017 - 11:32 AM

Hi. Can't download Fixlist.txt   176bytes keeps failing



#14 JSntgRvr


Posted 21 December 2017 - 03:10 PM

That is due to the rootkit.

 

  • Copy the entire contents of the Quote Box below to Notepad.

     

     

  • Name the file as fixlist.txt
  • Change the Save as Type to All Files
  • and Save it in the USB flash drive
  • Then boot to the Recovery Environment and run the fix as instructed above.

 

 

C:\Users\admin24\AppData\Local\wmcaxro
C:\Windows\System32\nviamxesvc.exe
C:\Windows\system32\drivers\osv*.sys
Reg: Reg delete HKLM\SYSTEM\CONTROLSET001\SERVICES\UDISKMGR /f

 

 

If that fails, use another working computer to download both, frst64 and the fixlist.txt into the flash drive. Once done, insert the flash drive in the infected computer, boot to the Recovery Environment command prompt and run the fix.




#15 wmb1961


Posted 22 December 2017 - 11:13 AM

Thanks. With that I was finally able to log into WinRE and run frst64 from my flash drive.

 

here is the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by admin24 (22-12-2017 11:07:11) Run:3
Running from i:\
Loaded Profiles: admin24 (Available Profiles: admin24)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
                                                                                                                                                                                   
*****************
 
 
 
 = = = =   E n d   o f   F i x l o g   1 1 : 0 7 : 1 1   = = = =
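
A triage helper for Fixlog.txt output like the logs posted in this thread, as an added example that is not part of the original posts and is not FRST's own code: it flags an empty "fixlist content" block, as in the Run:3 log above, and the failure phrases seen in the earlier Fixlog. The function names and both sample logs are constructed for illustration, with lines abridged from the logs on this page.

```python
import re

# Phrases that mark a step that did not take effect. Each one is taken from
# Fixlog output quoted in this thread; the list is illustrative, not FRST's own.
FAILURE_MARKERS = ("Could not move", "Access is denied", "failed.",
                   "Failed to", "Unable to")

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
BOOT_RE = re.compile(r"^Boot Mode: (?P<mode>.+)$", re.MULTILINE)

# Constructed sample, abridged from the first Fixlog in this thread.
SAMPLE_FAILED = r"""
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: netsh int ip reset C:\resettcpip.txt
EmptyTemp:
*****************
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Global, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
=========== EmptyTemp: ==========
RecycleBin => 102 B
================================
"C:\Users\admin24\AppData\Local\wmcaxro" => Could not move
==== End of Fixlog 11:42:41 ====
"""

# Constructed sample, abridged from the Run:3 Fixlog in this thread.
SAMPLE_EMPTY = """
Boot Mode: Safe Mode (minimal)
==============================================
fixlist content:
*****************

*****************
==== End of Fixlog 11:07:11 ====
"""


def fixlist_directives(log_text):
    """Return the non-blank directives echoed between the two asterisk rules."""
    lines = log_text.splitlines()
    starts = [i for i, l in enumerate(lines)
              if l.strip().lower() == "fixlist content:"]
    if not starts:
        return []
    rules = [i for i in range(starts[0] + 1, len(lines))
             if set(lines[i].strip()) == {"*"}]
    if len(rules) < 2:
        return []
    return [l.strip() for l in lines[rules[0] + 1:rules[1]] if l.strip()]


def triage(log_text):
    """Summarise one Fixlog: boot mode, echoed directives, failed steps."""
    boot = BOOT_RE.search(log_text)
    directives = fixlist_directives(log_text)
    failures, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:   # a bare rule closes any open section
            section = None
            continue
        header = SECTION_RE.match(line)
        if header:
            title = header.group("title")
            section = None if title.startswith("End of") else title
            continue
        if any(marker in line for marker in FAILURE_MARKERS):
            failures.append((section, line))
    return {
        "boot_mode": boot.group("mode").strip() if boot else None,
        "directives": directives,
        "empty_fixlist": not directives,
        "failures": failures,
    }


def verdict(report):
    """An empty fixlist means nothing was attempted, so it outranks the rest."""
    if report["empty_fixlist"]:
        return "no directives were processed"
    if report["failures"]:
        return "%d step(s) failed" % len(report["failures"])
    return "all steps reported success"


if __name__ == "__main__":
    for name, log in (("failed", SAMPLE_FAILED), ("empty", SAMPLE_EMPTY)):
        print(name, "->", verdict(triage(log)))
```
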




