need help with igfxmtc.exe removal


  • This topic is locked
16 replies to this topic

#1 zzyzxx_x


Posted 20 February 2018 - 10:16 PM

This one has been a real problem, causing CPU usage to skyrocket at times. I have deleted this .exe by booting into Linux live, then deleting the file, but it keeps coming back!

 

Many thanks for your help.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2018
Ran by Joe (administrator) on THINKPAD (20-02-2018 20:02:59)
Running from C:\Users\Joe\Downloads
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\lsrmwhosvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(XemiComputers ltd.) C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_32ATI1NE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClock.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Green Parrots Software) C:\Program Files (x86)\1st Clock\ClockApi64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagPriv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe
() C:\Users\Joe\AppData\Local\lsnzvir\lsnzvir.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Joe\AppData\Local\igfxmtc\igfxmtc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe
() C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe
() C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe
() C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe
() C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2015-02-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [9143296 2011-11-23] (XemiComputers ltd.)
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1740800 2015-11-07] ()
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_32ATI1NE.EXE [303312 2016-04-13] (Seiko Epson Corporation)
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\MountPoints2: {5e8b8186-8676-11e2-923f-f455cdf1f561} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\MountPoints2: {7b793aa9-5d1b-11e4-95fb-a4c7e1319a0c} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\MountPoints2: {a6543dc5-74db-11e4-a55c-7ce9d3ea9647} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2013-11-06]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-03-12]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk [2015-08-08]
ShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{08B6BC9D-788B-472D-9D57-15BCED4E0452}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38C7ADD5-58EE-42F5-9151-778EA9A929E4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{41408A2F-0C05-43F6-BF63-F3EA331D797C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{91A8A152-F5A6-4D75-BFC7-E14BFD7D5BAC}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C0C3E4E8-2B96-45AB-A21E-6E57B39CE380}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DCD3397D-D717-4408-91BC-E6C3A65A5021}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://cnn.com/
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {2D20E99C-1FD7-48EC-9FDF-CF3555B273D4} hxxp://10.0.0.128/VDControl.CAB?2,0,0,89
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} hxxps://www.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} hxxps://www.mydlink.com/8D/activeX//camclictrl.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-12-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-12-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-12-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-12-16] (Microsoft Corporation)
Handler-x32: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll [2010-07-22] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: smq49ua9.default
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default [2018-02-20]
FF user.js: detected! => C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\user.js [2013-02-19]
FF Homepage: Mozilla\Firefox\Profiles\smq49ua9.default -> hxxps://my.yahoo.com/
FF Extension: (colorPicker) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\colorPicker@colorPicker.xpi [2016-04-27] [Legacy]
FF Extension: (Disable HTML5 Autoplay) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\disable-html5-autoplay@afnankhan.xpi [2018-01-17]
FF Extension: (Firebug) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\firebug@software.joehewitt.com.xpi [2017-06-21] [Legacy]
FF Extension: (Self-Destructing Cookies) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-25] [Legacy]
FF Extension: (Advertising Cookie Opt-out) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\optout@google.com.xpi [2014-08-26] [Legacy] [not signed]
FF Extension: (Show Password) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\showpassword@pratikpoddar.xpi [2016-04-27] [Legacy]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\support@lastpass.com.xpi [2017-12-05]
FF Extension: (Google Translator for Firefox) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\translator@zoli.bod.xpi [2017-02-03] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-20]
FF Extension: (MeasureIt) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-06-05] [Legacy]
FF Extension: (Flash and Video Download) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-01-25]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\searchplugins\duckduckgo-http.xml [2013-04-21]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\searchplugins\duckduckgo.xml [2013-11-11]
FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\smq49ua9.default\searchplugins\ixquick-https.xml [2014-09-02]
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j921etzz.dev-edition-default [2018-02-11]
FF Extension: (uBlock Origin) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\j921etzz.dev-edition-default\Extensions\uBlock0@raymondhill.net.xpi [2017-08-03] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-02-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-06] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @IPC/npmedia3.0.0.2,version=3.0.0.2 -> C:\Program Files (x86)\webrec\Torch\3.0.0.2\npmedia3.0.0.2.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-25] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-06] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.1.116 -> C:\Program Files (x86)\NOS\bin\nplucent.dll [2018-01-31] (NOS Microsystems Ltd.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2014-11-27] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2014-11-27] (Samsung Techwin)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2014-08-17] (Samsung Techwin)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] ()
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2014-11-27] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2014-11-27] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2014-08-17] (Samsung Techwin)

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default [2018-02-11]
CHR Extension: (Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-06]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-06]
CHR Extension: (Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-14]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\ucpiamo <==== ATTENTION (Rootkit!)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 AtollCalcSvr; C:\Program Files\Forsk\Atoll\AtollSvr.exe [636928 2013-11-21] (Forsk) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-01-29] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
R2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [448512 2007-11-11] (Green Parrots Software) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3006.dll [49152 2018-01-31] (NOS Microsystems Ltd.)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-25] ()
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 2413E2F2; C:\Windows\system32\drivers\2413E2F2.sys [255928 2018-01-15] (Malwarebytes)
S4 3611E6F7; C:\Windows\System32\drivers\3611E6F7.sys [255928 2018-01-15] (Malwarebytes)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
R2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2014-10-16] (Chingachguk & Denger2k (Elite & SP edition))
R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [75032 2016-06-30] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-02-08] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation)
R1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61104 2013-09-23] (Microsoft Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
S3 TISDCam; C:\Windows\System32\DRIVERS\tisdcam_4401.sys [111616 2011-07-01] (The Imaging Source Europe GmbH)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-05-11] (USBPcap)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-20 20:02 - 2018-02-20 20:03 - 000043618 _____ C:\Users\Joe\Downloads\FRST.txt
2018-02-20 20:01 - 2018-02-20 20:02 - 000000000 ____D C:\FRST
2018-02-20 20:00 - 2018-02-20 20:00 - 002403328 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2018-02-20 19:02 - 2018-02-20 19:02 - 000142160 ____N C:\Windows\system32\Drivers\raavycfi.sys
2018-02-20 18:54 - 2018-02-20 18:54 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7462558F.sys
2018-02-17 18:23 - 2018-02-17 18:23 - 001959828 _____ C:\Users\Joe\Desktop\SDRuno-cookbook.pdf
2018-02-15 11:46 - 2018-02-15 11:46 - 007906720 _____ (Tim Kosse) C:\Users\Joe\Downloads\FileZilla_3.30.0_win64-setup.exe
2018-02-13 20:56 - 2018-02-13 20:56 - 007174381 _____ C:\Users\Joe\Desktop\Pop-1964-03.pdf
2018-02-11 19:41 - 2018-02-11 19:41 - 000000000 ____D C:\Users\Joe\Downloads\ptswxcel
2018-02-11 17:53 - 2018-02-11 17:53 - 011205832 _____ (Piriform Ltd) C:\Users\Joe\Downloads\ccsetup539.exe
2018-02-11 16:50 - 2018-02-11 16:53 - 000000000 ____D C:\Users\Joe\AppData\Local\igfxmtc
2018-02-11 09:27 - 2018-02-11 09:27 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-11 07:37 - 2018-02-11 07:37 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7227D6D6.sys
2018-02-08 13:39 - 2018-02-08 13:39 - 000000246 _____ C:\Users\Joe\MctLauncher.url
2018-02-08 13:39 - 2018-02-08 13:39 - 000000246 _____ C:\Users\Joe\Desktop\MctLauncher.url
2018-02-08 13:08 - 2018-02-08 13:08 - 000000000 ____D C:\Users\Joe\9500MPR-E
2018-02-08 12:45 - 2018-02-08 13:39 - 000000233 _____ C:\Users\Joe\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 12:45 - 2018-02-08 13:39 - 000000233 _____ C:\Users\Joe\Desktop\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 12:45 - 2018-02-08 13:39 - 000000225 _____ C:\Users\Joe\WebEML.url
2018-02-08 12:45 - 2018-02-08 13:39 - 000000225 _____ C:\Users\Joe\Desktop\WebEML.url
2018-02-08 12:42 - 2018-02-08 13:14 - 000000000 ____D C:\Alcatel-Lucent
2018-02-08 12:40 - 2018-02-08 13:14 - 000000000 ____D C:\Users\Joe\jre7
2018-02-08 12:40 - 2018-02-08 12:40 - 000000000 ____D C:\Users\Joe\Downloads\Nokia
2018-02-05 08:27 - 2018-02-05 08:27 - 000000000 ____D C:\ProgramData\Samsung
2018-01-31 17:14 - 2018-01-31 17:28 - 507029504 _____ C:\Users\Joe\Downloads\3DB18971CKAAPMZZA01_9500MPR_R7.0_TCO_ANSI_Light.iso
2018-01-31 17:13 - 2018-01-31 17:13 - 000338744 _____ (NOS Microsystems Ltd.) C:\Users\Joe\Downloads\nplucent_installer.exe
2018-01-31 17:13 - 2018-01-31 17:13 - 000000000 ____D C:\ProgramData\NOS
2018-01-31 17:13 - 2018-01-31 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NOS
2018-01-31 17:13 - 2018-01-31 17:13 - 000000000 ____D C:\Program Files (x86)\NOS
2018-01-31 17:04 - 2018-02-19 10:48 - 000000000 ____D C:\Users\Joe\Desktop\NOKIA
2018-01-29 18:53 - 2018-01-29 18:53 - 001591410 _____ C:\Users\Joe\Downloads\vert.zip
2018-01-29 18:48 - 2018-01-29 18:48 - 000266240 _____ (home) C:\Users\Joe\Downloads\discone2002.exe
2018-01-27 05:30 - 2018-01-27 05:30 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Thinkpad-Joe
2018-01-27 05:30 - 2018-01-27 05:30 - 000000040 ____H C:\E8BE00AD41C4
2018-01-23 19:27 - 2018-01-23 19:27 - 000000000 __SHD C:\Users\Joe\AppData\Local\icsxml
2018-01-21 17:13 - 2018-01-21 17:13 - 000018913 _____ C:\Users\Joe\Downloads\EmonLib-master.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-20 20:02 - 2018-01-11 11:41 - 000000000 ____D C:\Users\Joe\AppData\Local\lsnzvir
2018-02-20 20:02 - 2009-07-13 19:34 - 022806528 _____ C:\Windows\system32\config\HARDWARE
2018-02-20 20:01 - 2016-11-18 07:09 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla
2018-02-20 19:48 - 2014-09-18 20:17 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Ditto
2018-02-20 19:46 - 2017-07-13 20:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A}.job
2018-02-20 19:46 - 2017-07-13 20:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB}.job
2018-02-20 19:11 - 2009-07-13 21:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-20 19:11 - 2009-07-13 21:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-20 19:03 - 2018-01-15 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-20 19:03 - 2018-01-11 11:40 - 002884096 _____ (TOSHIBA CORPORATION) C:\Windows\system32\lsrmwhosvc.exe
2018-02-20 19:03 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-20 19:02 - 2018-01-15 16:11 - 000000000 ____D C:\Users\Joe\Desktop\mbar
2018-02-20 18:53 - 2018-01-15 15:48 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-02-20 18:51 - 2013-02-19 09:42 - 000000000 ____D C:\ProgramData\TEMP
2018-02-20 18:29 - 2014-02-14 15:47 - 000000000 ____D C:\Users\Joe\Desktop\Jewelry
2018-02-20 07:41 - 2009-07-13 22:13 - 000880540 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-20 07:41 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2018-02-19 18:11 - 2015-06-17 16:11 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2018-02-19 09:03 - 2017-10-05 08:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\LockAP
2018-02-15 11:53 - 2017-07-07 19:11 - 000000000 ____D C:\Users\Joe\AppData\Local\FileZilla
2018-02-15 11:53 - 2014-09-30 20:30 - 000002141 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-02-15 11:53 - 2013-02-19 10:26 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FileZilla
2018-02-15 11:53 - 2013-02-19 10:26 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-02-14 14:31 - 2017-11-17 09:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\pulse-sms
2018-02-11 17:58 - 2011-02-24 10:03 - 000000000 ____D C:\Windows\Panther
2018-02-11 09:27 - 2014-10-05 12:45 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-08 13:45 - 2013-09-02 17:59 - 000000600 _____ C:\Users\Joe\AppData\Local\PUTTY.RND
2018-02-08 13:39 - 2013-02-15 08:08 - 000000000 ____D C:\Users\Joe
2018-02-06 10:50 - 2016-05-17 19:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 10:50 - 2013-02-15 08:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 10:50 - 2013-02-15 08:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 10:50 - 2013-02-15 08:27 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 10:50 - 2013-01-28 15:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-05 08:40 - 2015-06-05 16:07 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-02-01 16:59 - 2013-02-15 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-01 07:22 - 2016-10-11 19:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-01-29 17:46 - 2018-01-03 10:17 - 000000000 ____D C:\Users\Joe\Downloads\RF-Stencils-Visio-v3a
2018-01-28 07:49 - 2015-03-07 10:28 - 000000000 ____D C:\Users\Joe\AppData\Roaming\qBittorrent
2018-01-28 07:02 - 2009-07-13 22:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-27 05:30 - 2013-02-15 08:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Adobe
2018-01-25 05:27 - 2013-10-22 06:50 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 05:24 - 2014-10-24 13:38 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 05:24 - 2014-10-24 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-25 05:24 - 2013-06-22 10:10 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-23 19:20 - 2017-07-21 17:24 - 000000000 ____D C:\Program Files\Wireshark
2018-01-23 19:20 - 2014-01-24 18:48 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Wireshark
2018-01-23 09:35 - 2017-04-26 20:25 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2013-03-23 18:13 - 2013-03-11 15:29 - 000860160 _____ () C:\Users\arduino-1.0.4\arduino.exe
2013-03-23 18:13 - 2013-03-11 15:28 - 000969728 _____ () C:\Users\arduino-1.0.4\cygiconv-2.dll
2013-03-23 18:13 - 2013-03-11 15:28 - 001872821 _____ (Red Hat) C:\Users\arduino-1.0.4\cygwin1.dll
2013-03-23 18:13 - 2013-03-11 15:28 - 000043520 _____ (http://libusb-win32.sourceforge.net) C:\Users\arduino-1.0.4\libusb0.dll
2013-03-23 18:13 - 2013-03-11 15:28 - 000077759 _____ () C:\Users\arduino-1.0.4\rxtxSerial.dll
2013-11-06 08:38 - 2013-11-06 08:38 - 012744192 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-16 19:34 - 2015-01-11 08:39 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-02-25 09:57 - 2015-06-02 10:17 - 000000132 _____ () C:\Users\Joe\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-02-21 10:46 - 2017-05-04 19:22 - 000001456 _____ () C:\Users\Joe\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-09-02 17:59 - 2018-02-08 13:45 - 000000600 _____ () C:\Users\Joe\AppData\Local\PUTTY.RND
2014-09-14 12:20 - 2014-09-14 12:20 - 000007602 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-02-14 16:06 - 2018-02-14 16:06 - 001353992 _____ () C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
2016-04-12 22:52 - 2016-04-12 22:52 - 000034816 _____ (Anritsu Company) C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll
2018-02-14 16:06 - 2018-02-14 16:06 - 009495368 _____ () C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe
2018-02-14 16:06 - 2018-02-14 16:06 - 000365712 _____ () C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\raavycfi.sys -> Access Denied <======= ATTENTION


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2018-02-17 08:18

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.02.2018
Ran by Joe (20-02-2018 20:03:20)
Running from C:\Users\Joe\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-02-15 15:08:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3290605264-3539594492-3422607212-500 - Administrator - Disabled)
Guest (S-1-5-21-3290605264-3539594492-3422607212-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3290605264-3539594492-3422607212-1003 - Limited - Enabled)
Joe (S-1-5-21-3290605264-3539594492-3422607212-1001 - Administrator - Enabled) => C:\Users\Joe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Protection (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1st Clock 4.0 (Full) (HKLM-x32\...\1st Clock_is1) (Version: 4.0 - Green Parrots Software)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Active Desktop Calendar 7.96 (HKLM\...\Active Desktop Calendar_is1) (Version:  - XemiComputers)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Altium Designer 17 (HKLM-x32\...\Altium Designer {2B9ABFC1-E4B1-41D7-805B-25E8F8899165}) (Version: 17.0.10.617 - Altium Limited)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.10 - Arduino LLC)
Atoll Planning Software (64-bit) (HKLM\...\Atoll_is1) (Version:  - Forsk)
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.72.0 - Autodesk) Hidden
AutoCAD 2018 Help - English (HKLM\...\{28B89EEF-1034-0409-0100-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018 Help - English (HKLM\...\AutoCAD 2018 Help - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018.0.2 (HKLM-x32\...\{b501e2dd-1001-0000-0102-2d66c6a9c722}) (Version: 22.0.72.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Featured Apps 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Autodesk License Service (x64) - 5.1.4 (HKLM\...\{3609A8D9-FC0C-4C9B-9F58-0B1D1A4FE556}) (Version: 5.1.4.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
AxCrypt 1.7.2976.0 (HKLM\...\{F28219BA-0FBA-4515-AA4D-DF55EA186C6A}) (Version: 1.7.2976.0 - Axantum Software AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Boson NetSim 10 (HKLM-x32\...\{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}) (Version: 10.00.0000 - Boson Software, LLC) Hidden
Boson NetSim 10 (HKLM-x32\...\InstallShield_{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}) (Version: 10.00.0000 - Boson Software, LLC)
Brother P-touch Editor 5.2 (HKLM-x32\...\{456127E4-D660-4680-8C96-609AD6C485E2}) (Version: 5.2.0010 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{50FC1E40-7146-4B08-A3D6-D7EAD0362B6F}) (Version: 1.0.0120 - Brother Industries, Ltd.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Ditto (HKLM-x32\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
DSLR Remote Pro (HKLM-x32\...\{0143BC25-D431-44bf-85EA-082CA5EA851D}) (Version: v2.4.2 - Breeze Systems Ltd)
Dynamic-Photo HDR 5 (HKLM-x32\...\Dynamic-Photo HDR 5_is1) (Version:  - Mediachance)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON SC-P400 Series Printer Uninstall (HKLM\...\EPSON SC-P400 Series) (Version:  - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
Export to Google Earth (64-bit) (HKLM\...\{5DD3ACCF-E88E-47C7-ACE6-3BB904D571AD}) (Version: 4.3.0 - Forsk)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
foobar2000 v1.2.3 (HKLM-x32\...\foobar2000) (Version: 1.2.3 - Peter Pawlowski)
getPlus+® Download Manager for Alcatel-Lucent (HKLM-x32\...\{B017E7AE-9188-4c93-BE43-9CDF99E65046}) (Version: 1.6.1.116 - NOS Microsystems Ltd.)
Git version 2.10.1 (HKLM\...\Git_is1) (Version: 2.10.1 - The Git Development Community)
GlobalMapper 17 (64-bit) (HKLM\...\{37B1A75B-0AFC-430E-B77E-599F616670F0}) (Version: 17.02.1000 - Blue Marble Geographics)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IC Capture 2.3 (HKLM-x32\...\ICCapture22_is1) (Version:  - The Imaging Source Europe GmbH)
ICND1 Network Simulator Lite (HKLM-x32\...\ICND1 Network Simulator Lite) (Version: 2.5.0.105 - Pearson IT Certification)
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.00 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.17.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Message Analyzer (HKLM\...\{89A87FF1-607C-4551-B363-DDFA2719067E}) (Version: 4.0.6396.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Outlook Web Access S/MIME (2007) (HKLM-x32\...\{CF1A6387-88F6-4BD9-B0BE-EA1AF7024C7C}) (Version: 8.3.105.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Mozilla Firefox 52.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 52.6.0 ESR (x64 en-US)) (Version: 52.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0 - Mozilla)
Mozilla Thunderbird 52.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.6.0 (x86 en-US)) (Version: 52.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nalpeiron License Management (HKLM-x32\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
Node.js (HKLM-x32\...\{69735668-F8BC-4E9A-839A-4006FDFDD5AC}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA nView 141.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.33 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA WMI 2.19.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.19.0 - NVIDIA Corporation)
Office Tab (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 9.80 - Detong Technology Ltd.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.1.0 - Panda Security)
Pathloss 5.1 (HKLM-x32\...\{EB7FFF3D-C2DF-4957-9E1D-38A57823A28E}) (Version: 5.10.0000 - Contract Telecommunication Engineering Ltd.)
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.25 - Pearson IT Certification)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Photomatix Pro version 5.0.5a (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.5a - HDRsoft Ltd)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.4 - Lenovo Group Limited)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Pulse SMS 1.0.1 (only current user) (HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\b48fe4d9-ee4c-5cce-b155-58a841ce5555) (Version: 1.0.1 - Luke Klinker)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.2.4 (HKLM-x32\...\qBittorrent) (Version: 3.2.4 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Setup Wizard SE (HKLM-x32\...\{405D8563-BDD7-487C-9498-942518B366BE}) (Version:  - )
Signal Level Export (64-bit) (HKLM\...\{26FECBB7-B2C2-4634-A6D7-F68742CE8FF3}) (Version: 5.4.0 - Forsk)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Snagit 13 (HKLM-x32\...\{99cd7d37-46bf-44d7-857e-7514a1bd3e83}) (Version: 13.1.1.7662 - TechSmith Corporation)
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeighaX 3.09 (HKLM-x32\...\{3D63579F-2398-418B-9227-A852FB201D2D}) (Version: 3.9.0 - Open Design Alliance)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraEdit (HKLM-x32\...\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.10.1016 - IDM Computer Solutions, Inc.) Hidden
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.10.1016 - IDM Computer Solutions, Inc.)
Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011623) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C1EDA98-E4A1-4D14-BA2F-2C5D7366373A}) (Version:  - Microsoft)
USBPcap 1.2.0.1 (HKLM\...\USBPcap) (Version: 1.2.0.1 - Tomasz Mon)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
WebViewer Plugin (HKLM-x32\...\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.) Hidden
WebViewer Plugin (HKLM-x32\...\InstallShield_{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Xamarin (HKLM-x32\...\{71C2500C-BA4B-47D4-9B1A-44FF33D1AF3B}) (Version: 4.2.1.62 - Xamarin)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SYSTEM32\AcSignIcon.dll [2017-02-02] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-02] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2012-11-12] (Axantum Software AB)
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-16] (TechSmith Corporation)
ContextMenuHandlers1: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-16] (TechSmith Corporation)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-02-25] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-09-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2012-11-12] (Axantum Software AB)
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation)
ContextMenuHandlers6: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2017-02-22] (Panda Security, S.L.)
ContextMenuHandlers1_S-1-5-21-3290605264-3539594492-3422607212-1001: [UltraEdit] -> {b5eedee0-c06e-11cf-8c56-444553540000} => C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll [2012-06-28] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {236C052F-2165-4517-AEF4-B88FBC07F887} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
Task: {2F833845-196A-4A1B-ABF7-064A1A367F2A} - System32\Tasks\AdobeGCInvoker-1.0-Thinkpad-Joe => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {3603D13D-B275-46B5-A035-BFA32761FDEE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {3E026D0F-5B03-467B-9D40-224715020C23} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {664C44C1-6D02-4F1F-AFB6-000875043B8D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {9C341795-2B76-4324-9A4B-9B652DD3E374} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {AFD9DB42-BCFC-4B89-9B85-BAD459AF3908} - System32\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_32TS01NA.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {B0CB8BFF-2EF9-4C8A-BBC5-E3374F9DFD37} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {C1C38B9E-F571-48D5-BE3C-B8C3F5F6B8EB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C5E07001-D6E6-4785-B6C2-34FCC1F07972} - System32\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_32TS01NA.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {C8137F59-7997-4662-999E-E934260D8A44} - System32\Tasks\AdobeAAMUpdater-1.0-Thinkpad-Joe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated)
Task: {D399D72C-572F-4E7D-A477-866699F74C30} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.26403.3 => C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\VSIXAutoUpdate.exe
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {FBF966B7-5587-4549-BF34-12D1D599C617} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_32TS01NA.EXE:/EXE:{784E3173-BCB7-459D-9538-D62FCCDEF4FB} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_32TS01NA.EXE:/EXE:{B09CB636-7177-434A-9F8B-20FB6BC73F7A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 15:36 - 2015-02-25 11:33 - 002855624 _____ () C:\Windows\system32\nvwmi64.exe
2011-06-22 07:42 - 2011-06-22 07:42 - 000034304 _____ () C:\Windows\System32\ssp4ml6.dll
2011-06-22 11:44 - 2011-06-22 11:44 - 000034304 _____ () C:\Windows\System32\sst2cl6.dll
2013-02-23 17:53 - 2015-02-25 11:32 - 002602784 _____ () C:\Program Files\NVIDIA Corporation\nview\nview64.dll
2013-02-20 10:18 - 2011-11-23 12:11 - 000040960 _____ () C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 000426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-01-28 15:21 - 2015-01-29 06:07 - 000105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2018-01-08 06:00 - 2018-01-08 06:00 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-03-21 17:19 - 2011-03-21 17:19 - 000053248 _____ () C:\Program Files\NetLimiter 3\nlsvcPS.dll
2013-01-28 15:19 - 2015-02-04 13:29 - 000115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-01-28 15:18 - 2015-02-25 11:32 - 000012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-28 15:18 - 2012-04-08 16:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-22 18:41 - 2015-11-07 07:58 - 001740800 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2013-01-28 15:26 - 2012-01-16 23:29 - 000030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-01-28 15:21 - 2011-08-02 20:58 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-01-28 15:21 - 2011-08-02 20:58 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2013-12-04 17:46 - 2013-11-13 13:59 - 000276480 _____ () C:\Windows\SysWow64\IAT_YUV.ax
2013-02-23 17:53 - 2015-02-25 11:32 - 002156320 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2015-02-25 11:32 - 2015-02-25 11:32 - 000010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2017-02-16 16:16 - 2017-02-16 16:16 - 000800768 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_photo310.dll
2017-02-16 16:16 - 2017-02-16 16:16 - 020629504 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc310.dll
2017-02-16 16:16 - 2017-02-16 16:16 - 008968192 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core310.dll
2017-02-16 16:15 - 2017-02-16 16:15 - 008968192 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_core300.dll
2017-02-16 16:15 - 2017-02-16 16:15 - 020629504 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\opencv_imgproc300.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 001152512 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\cairo.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000601088 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\fontconfig.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 001015296 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\libxml2.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000023552 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\iconv.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000588288 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\pixman-1.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000165888 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\libpng16.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000071680 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\zlib1.dll
2017-02-16 16:17 - 2017-02-16 16:17 - 000778240 _____ () C:\Program Files (x86)\TechSmith\Snagit 13\harfbuzz.dll
2017-07-11 07:03 - 2017-07-11 07:03 - 008911560 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-01-28 15:16 - 2012-02-20 20:09 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:bod2d5mUXxd6W50voomOUcc [2084]
AlternateDataStreams: C:\Program Files\Common Files\System:siI39mETDBnl5KpX528X7MtojuWC [2418]
AlternateDataStreams: C:\ProgramData\Microsoft:hDOEORID3SsVZAjrh [2010]
AlternateDataStreams: C:\ProgramData\Microsoft:zDuZXVxkY9kCsgT2EH86B [2060]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [414]
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F [402]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE restricted site: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\...\skype.com -> apps.skype.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-01-25 19:40 - 000306200 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 http://www.fnvfox.com
127.0.0.1 doubleclick.net
127.0.0.1 facebook.com
127.0.0.1 facebook.net
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 fvdconverter.com
127.0.0.1 licensing.ultraedit.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com

There are 10537 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\XEMICO~1\ACTIVE~1\Desktop\ACTIVE~1.BMP
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AtollCalcSvr => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: "C: =>
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Apricorn Scheduler Service => "C:\Program Files (x86)\Common Files\Apricorn\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BitTorrent => "C:\Users\Joe\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: com.squirrel.MightyText.MightyText => C:\Users\Joe\AppData\Local\MightyText\app-3.88.16\MightyText.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: EPSON WorkForce 30 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SC49E.tmp" /EF "HKCU"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RotateImage => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: The Imaging Source Processor Idle State Manager => "C:\Program Files (x86)\The Imaging Source Europe GmbH\Processor Idle State Manager\ProcessorIdleStateManager.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{42522559-19B4-45D0-9692-CB0CEE0C7CB0}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{1A9EFE3D-FE07-456E-AC16-074F3828B200}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FA6A14F0-9473-4683-84B3-04373C6E31CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C432AA54-1FF9-4B0E-A215-1603A4F57E5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACF63163-4075-4C0C-915D-EEF0644EAAFB}] => (Allow) LPort=3306
FirewallRules: [{41631664-76D2-4EAE-99FC-5B3794850428}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{B443E316-D34A-41E8-B22D-889B6AE328D8}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{899E5696-369F-447C-9BCF-9E94FE17E7DA}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{6F92CFEA-2A95-4039-8DB6-22BA511112C7}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{41D9B1F0-E7EB-41DE-9EEF-CDF775E0F144}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{E1111A11-CB95-4F37-9283-BCC935A151A3}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{EF53D3A4-37DC-4E2C-98E0-AC69E8B0E3BE}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{D3486E76-F076-4B24-9117-2A0993C787E6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{704AF809-F457-4A9B-8E7C-7208757CA6BF}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{9828E0DF-10E7-4DDD-815F-59466AECF37C}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{56BAA692-5925-426E-8293-112CEB2E97D9}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{090412F7-FC2B-4F8A-BB04-22A5AC18425E}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{76591276-7964-4548-89F0-1E73C9FF186A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{BF7BB107-767F-4891-A358-0F4015898ADA}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{11855EA4-613C-47B4-8F26-7B3EDEC679F9}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{EF979BFF-40D6-452B-B00B-2D47E7D797E8}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{0D542D9C-3E0B-4493-AB91-2A5B39C1EF51}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [UDP Query User{6B99CB0E-7B4A-45D6-8D57-3CD14C602D24}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{5881AB2C-F949-4DF6-8C3C-26085833B8B3}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [UDP Query User{CA71F8D5-6C7A-4660-9E02-42404F4A528F}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [{A2D23A5F-6356-44DA-81D3-D367E201375E}] => (Allow) LPort=8298
FirewallRules: [{F81C7170-A224-4C4C-B063-D7E725A0046B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A2487276-465E-40F1-8B11-6AB99F35B5B7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{085DC5C6-5E63-42BE-ACFA-F46722C08AB2}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{1746118A-281B-4CD7-9A56-BB2DBAACD325}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{07C8273F-4637-42D3-BA67-5424ECB250EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{BD576F61-7A32-4C95-8FAB-51DB38BAE59D}C:\program files (x86)\altium\ad17\dxp.exe] => (Allow) C:\program files (x86)\altium\ad17\dxp.exe
FirewallRules: [UDP Query User{0CC813A3-77A0-4C9B-8B91-BECC7AA4302F}C:\program files (x86)\altium\ad17\dxp.exe] => (Allow) C:\program files (x86)\altium\ad17\dxp.exe
FirewallRules: [TCP Query User{F665D142-31F3-4175-B2B5-FE453313B564}E:\nokia\nokia9500\webeml\jre7\bin\rmiregistry.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\rmiregistry.exe
FirewallRules: [UDP Query User{C6F4397A-B8D2-4D5A-AE81-B068514296EE}E:\nokia\nokia9500\webeml\jre7\bin\rmiregistry.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\rmiregistry.exe
FirewallRules: [TCP Query User{E0B08E5F-059D-4040-AEBF-3927E4E7D813}E:\nokia\nokia9500\webeml\jre7\bin\java.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\java.exe
FirewallRules: [UDP Query User{A949BEB5-C8AB-417B-AC2D-C38DF63A9236}E:\nokia\nokia9500\webeml\jre7\bin\java.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\java.exe
FirewallRules: [TCP Query User{B6D6F0FD-3F37-40FD-96B2-525D86B5386B}E:\nokia\nokia9500\webeml\jre7\bin\javaw.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5CBBEE69-FC68-41F3-AA79-7A524B377B84}E:\nokia\nokia9500\webeml\jre7\bin\javaw.exe] => (Allow) E:\nokia\nokia9500\webeml\jre7\bin\javaw.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SbieDrv
Description: SbieDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SbieDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2018 07:03:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2018 06:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2018 06:31:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2018 12:09:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/19/2018 06:11:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ADC.exe, version: 7.9.5.0, time stamp: 0x4eccfa28
Faulting module name: ADC.exe, version: 7.9.5.0, time stamp: 0x4eccfa28
Exception code: 0x40000015
Fault offset: 0x00000000002a9a31
Faulting process id: 0x1398
Faulting application start time: 0x01d3a9e7a5f57223
Faulting application path: C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
Faulting module path: C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
Report Id: 08a64cad-15db-11e8-ad28-fc9edd09a435

Error: (02/19/2018 06:10:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2018 09:25:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2018 06:24:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/20/2018 07:04:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (02/20/2018 07:04:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================

Date: 2018-02-20 19:03:57.724
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-20 18:10:56.128
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-20 06:31:47.117
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-19 18:10:56.388
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-19 09:25:22.306
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-19 06:24:48.899
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-19 05:02:58.120
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-18 07:26:15.509
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3720QM CPU @ 2.60GHz
Percentage of memory in use: 17%
Total physical RAM: 24142.79 MB
Available physical RAM: 19904.14 MB
Total Virtual: 48283.77 MB
Available Virtual: 43764.11 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:445.72 GB) (Free:242 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Nokia 9500 v7.0) (CDROM) (Total:0.47 GB) (Free:0 GB) UDF
Drive e: (SSD_2) (Fixed) (Total:465.74 GB) (Free:389.2 GB) exFAT

\\?\Volume{5fd54543-7852-11e2-84bf-806e6f6e6963}\ (SYSTEM_DRV) (Fixed) (Total:1.41 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 4840C815)
Partition 1: (Active) - (Size=1.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A0414B6E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,453 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 AM

Posted 21 February 2018 - 11:39 AM

Hi, zzyzxx_x.
 
Welcome.
 
The computer seems to be infected with a version of the SmartService Rootkit. This is a very difficult Rootkit to remove.
 
You will need a non-infected secondary system to download FRST64 to a USB drive (Pen Drive), boot the infected computer in the Recovery Environment and run FRST64 at the command prompt. What is most important is that the USB drive should not be inserted in the infected computer until you have reached the command prompt in the Recovery Environment. Here are the instructions.
 
On a non-infected computer, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. In your case it is FRST64.exe.

Boot in the Recovery Environment

You are running Windows 7

 

  • Restart the infected computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

 Once in the command prompt

  • In the command prompt, plug your USB Flash Drive in the infected computer.
  • Type notepad at the prompt and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

If you successfully run FRST64 in the Recovery Environment, boot the computer in Normal Mode and follow these steps:
 
Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.


  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Edited by JSntgRvr, 21 February 2018 - 11:52 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 zzyzxx_x

zzyzxx_x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:43 AM

Posted 22 February 2018 - 04:00 PM

Thank you for your response, MSG. I appreciate your time and effort!

 

I could not get to the recovery options using the F8 method, and had to create the recovery disk to get there. Once that was complete, I was able to follow your instructions exactly. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by SYSTEM on MININT-0TPPUM1 (22-02-2018 13:40:52)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2015-02-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default\...\RunOnce: [] => [X]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\RunOnce: [] => [X]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Joe\...\Run: [AdobeBridge] => [X]
HKU\Joe\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [9143296 2011-11-23] (XemiComputers ltd.)
HKU\Joe\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1740800 2015-11-07] ()
HKU\Joe\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\Joe\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_32ATI1NE.EXE [303312 2016-04-13] (Seiko Epson Corporation)
HKU\Joe\...\Policies\system: [DisableCMD] 0
HKU\Joe\...\Policies\system: [NoDispAppearancePage] 0
HKU\Joe\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Joe\...\Policies\system: [NoDispSettingsPage] 0
HKU\Joe\...\Policies\Explorer: []
HKU\Joe\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Joe\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Joe\...\Policies\Explorer: [NoFind] 0
HKU\Joe\...\Policies\Explorer: [NoFile] 0
HKU\Joe\...\Policies\Explorer: [HideClock] 0
HKU\Joe\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Joe\...\Policies\Explorer: [NoSetFolders] 0
HKU\Joe\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Joe\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Joe\...\Policies\Explorer: [NoDFSTab] 0
HKU\Joe\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Joe\...\Policies\Explorer: [NoLogoff] 0
HKU\Joe\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Joe\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Joe\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Joe\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Joe\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Joe\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk [2015-08-08]
ShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 AtollCalcSvr; C:\Program Files\Forsk\Atoll\AtollSvr.exe [636928 2013-11-21] (Forsk)
S2 BFE; X:\windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
S3 bthserv; X:\windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S2 CryptSvc; X:\windows\system32\cryptsvc.dll [177152 2010-11-20] (Microsoft Corporation)
S2 DcomLaunch; X:\windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; X:\windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
S2 Dnscache; X:\windows\System32\dnsrslvr.dll [183296 2010-11-20] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-01-29] (Lenovo.)
S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S2 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
S2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [448512 2007-11-11] (Green Parrots Software)
S2 gpsvc; X:\windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S3 hidserv; X:\windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S2 IKEEXT; X:\windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 KeyIso; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)
S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 MpsSvc; X:\windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S3 Netlogon; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 Netman; X:\windows\System32\netman.dll [360448 2012-06-15] (Microsoft Corporation)
S2 NlaSvc; X:\windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3006.dll [49152 2018-01-31] (NOS Microsystems Ltd.)
S2 nsi; X:\windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 NVWMI; C:\Windows\System32\nvwmi64.exe [2855624 2015-02-25] ()
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S2 PlugPlay; X:\windows\system32\umpnpmgr.dll [404480 2010-11-20] (Microsoft Corporation)
S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
S2 Power; X:\windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S3 ProtectedStorage; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; X:\windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S2 RpcSs; X:\windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S2 SamSs; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SstpSvc; X:\windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 VaultSvc; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 vds; X:\windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; X:\windows\system32\vssvc.exe [1600512 2012-06-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 W32Time; X:\windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; X:\windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S2 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; X:\windows\system32\wbem\WMIsvc.dll [242688 2012-06-15] (Microsoft Corporation)
S3 wmiApSrv; X:\windows\system32\wbem\WmiApSrv.exe [203264 2012-06-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 seclogon; %windir%\system32\seclogon.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; X:\windows\System32\DRIVERS\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
S3 2413E2F2; C:\Windows\system32\drivers\2413E2F2.sys [255928 2018-01-15] (Malwarebytes)
S4 3611E6F7; C:\Windows\System32\drivers\3611E6F7.sys [255928 2018-01-15] (Malwarebytes)
S0 ACPI; X:\windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 adp94xx; X:\windows\system32\drivers\adp94xx.sys [491088 2010-11-20] (Adaptec, Inc.)
S3 adpahci; X:\windows\system32\drivers\adpahci.sys [339536 2010-11-20] (Adaptec, Inc.)
S3 adpu320; X:\windows\system32\drivers\adpu320.sys [182864 2010-11-20] (Adaptec, Inc.)
S1 AFD; X:\windows\system32\drivers\afd.sys [499712 2010-11-20] (Microsoft Corporation)
S3 agp440; X:\windows\system32\drivers\agp440.sys [61008 2010-11-20] (Microsoft Corporation)
S3 aliide; X:\windows\system32\drivers\aliide.sys [15440 2010-11-20] (Acer Laboratories Inc.)
S3 amdide; X:\windows\system32\drivers\amdide.sys [15440 2010-11-20] (Microsoft Corporation)
S3 AmdK8; X:\windows\system32\drivers\amdk8.sys [64512 2010-11-20] (Microsoft Corporation)
S3 AmdPPM; X:\windows\system32\drivers\amdppm.sys [60928 2010-11-20] (Microsoft Corporation)
S3 amdsata; X:\windows\system32\drivers\amdsata.sys [107904 2012-06-15] (Advanced Micro Devices)
S3 amdsbs; X:\windows\system32\drivers\amdsbs.sys [194128 2010-11-20] (AMD Technologies Inc.)
S0 amdxata; X:\windows\System32\drivers\amdxata.sys [27008 2012-06-15] (Advanced Micro Devices)
S3 arc; X:\windows\system32\drivers\arc.sys [87632 2010-11-20] (Adaptec, Inc.)
S3 arcsas; X:\windows\system32\drivers\arcsas.sys [97856 2010-11-20] (Adaptec, Inc.)
S3 AsyncMac; X:\windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
S3 atapi; X:\windows\system32\drivers\atapi.sys [24128 2010-11-20] (Microsoft Corporation)
S3 b06bdrv; X:\windows\system32\drivers\bxvbda.sys [468480 2010-11-20] (Broadcom Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S1 blbdrive; X:\windows\System32\DRIVERS\blbdrive.sys [45056 2010-11-20] (Microsoft Corporation)
S3 bowser; X:\windows\System32\DRIVERS\bowser.sys [90624 2009-07-13] (Microsoft Corporation)
S4 cdfs; X:\windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
S1 cdrom; X:\windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S0 CLFS; X:\windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
S3 CmBatt; X:\windows\System32\DRIVERS\CmBatt.sys [17664 2010-11-20] (Microsoft Corporation)
S3 cmdide; X:\windows\system32\drivers\cmdide.sys [17488 2010-11-20] (CMD Technology, Inc.)
S0 CNG; X:\windows\System32\Drivers\cng.sys [459248 2010-11-20] (Microsoft Corporation)
S0 Compbatt; X:\windows\System32\drivers\compbatt.sys [21584 2010-11-20] (Microsoft Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S1 DfsC; X:\windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
S0 Disk; X:\windows\System32\drivers\disk.sys [73280 2010-11-20] (Microsoft Corporation)
S3 ebdrv; X:\windows\system32\drivers\evbda.sys [3286016 2010-11-20] (Broadcom Corporation)
S3 elxstor; X:\windows\system32\drivers\elxstor.sys [530496 2010-11-20] (Emulex)
S3 ErrDev; X:\windows\system32\drivers\errdev.sys [9728 2010-11-20] (Microsoft Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
S3 fdc; X:\windows\system32\drivers\fdc.sys [29696 2010-11-20] (Microsoft Corporation)
S0 FileInfo; X:\windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
S3 Filetrace; X:\windows\System32\drivers\filetrace.sys [34304 2012-06-15] (Microsoft Corporation)
S3 flpydisk; X:\windows\system32\drivers\flpydisk.sys [24576 2010-11-20] (Microsoft Corporation)
S0 FltMgr; X:\windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FsDepends; X:\windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
S0 fvevol; X:\windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
S3 gagp30kx; X:\windows\system32\drivers\gagp30kx.sys [65088 2010-11-20] (Microsoft Corporation)
S3 HDAudBus; X:\windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBatt; X:\windows\system32\drivers\HidBatt.sys [26624 2010-11-20] (Microsoft Corporation)
S3 HidUsb; X:\windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
S3 HpSAMD; X:\windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
S3 i8042prt; X:\windows\System32\DRIVERS\i8042prt.sys [105472 2010-11-20] (Microsoft Corporation)
S0 iaStor; X:\windows\System32\drivers\iaStor.sys [569152 2012-06-08] (Intel Corporation)
S3 iaStorV; X:\windows\system32\drivers\iaStorV.sys [410496 2012-06-15] (Intel Corporation)
S3 iirsp; X:\windows\system32\drivers\iirsp.sys [44112 2010-11-20] (Intel Corp./ICP vortex GmbH)
S3 intelide; X:\windows\system32\drivers\intelide.sys [16960 2010-11-20] (Microsoft Corporation)
S3 intelppm; X:\windows\System32\DRIVERS\intelppm.sys [62464 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; X:\windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 isapnp; X:\windows\system32\drivers\isapnp.sys [20544 2010-11-20] (Microsoft Corporation)
S3 iScsiPrt; X:\windows\system32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
S0 iusb3hcs; X:\windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-06-15] (Intel Corporation)
S3 iusb3hub; X:\windows\System32\DRIVERS\iusb3hub.sys [356120 2012-03-15] (Intel Corporation)
S3 iusb3xhc; X:\windows\System32\DRIVERS\iusb3xhc.sys [788760 2012-03-15] (Intel Corporation)
S3 kbdclass; X:\windows\System32\DRIVERS\kbdclass.sys [50768 2010-11-20] (Microsoft Corporation)
S3 kbdhid; X:\windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
S0 KSecDD; X:\windows\System32\Drivers\ksecdd.sys [95616 2010-11-20] (Microsoft Corporation)
S0 KSecPkg; X:\windows\System32\Drivers\ksecpkg.sys [152960 2010-11-20] (Microsoft Corporation)
S3 ksthunk; X:\windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 LSI_FC; X:\windows\system32\drivers\lsi_fc.sys [114752 2010-11-20] (LSI Corporation)
S3 LSI_SAS; X:\windows\system32\drivers\lsi_sas.sys [106560 2010-11-20] (LSI Corporation)
S3 LSI_SAS2; X:\windows\system32\drivers\lsi_sas2.sys [65600 2010-11-20] (LSI Corporation)
S3 LSI_SCSI; X:\windows\system32\drivers\lsi_scsi.sys [115776 2010-11-20] (LSI Corporation)
S3 megasas; X:\windows\system32\drivers\megasas.sys [35392 2010-11-20] (LSI Corporation)
S3 MegaSR; X:\windows\system32\drivers\MegaSR.sys [284736 2010-11-20] (LSI Corporation, Inc.)
S3 mouclass; X:\windows\System32\DRIVERS\mouclass.sys [49216 2010-11-20] (Microsoft Corporation)
S3 mouhid; X:\windows\System32\DRIVERS\mouhid.sys [31232 2010-11-20] (Microsoft Corporation)
S0 mountmgr; X:\windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
S3 mpsdrv; X:\windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
S3 mrxsmb; X:\windows\System32\DRIVERS\mrxsmb.sys [158208 2010-11-20] (Microsoft Corporation)
S3 mrxsmb10; X:\windows\System32\DRIVERS\mrxsmb10.sys [287744 2010-11-20] (Microsoft Corporation)
S3 mrxsmb20; X:\windows\System32\DRIVERS\mrxsmb20.sys [128000 2010-11-20] (Microsoft Corporation)
S3 msahci; X:\windows\system32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
S0 msisadrv; X:\windows\System32\drivers\msisadrv.sys [15424 2010-11-20] (Microsoft Corporation)
S3 MSKSSRV; X:\windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
S3 MSPCLOCK; X:\windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
S3 MSPQM; X:\windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
S1 mssmbios; X:\windows\System32\DRIVERS\mssmbios.sys [32320 2010-11-20] (Microsoft Corporation)
S3 MSTEE; X:\windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
S3 MTConfig; X:\windows\system32\drivers\MTConfig.sys [15360 2010-11-20] (Microsoft Corporation)
S2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2014-10-16] (Chingachguk & Denger2k (Elite & SP edition))
S0 Mup; X:\windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
S0 NDIS; X:\windows\System32\drivers\ndis.sys [951680 2010-11-20] (Microsoft Corporation)
S3 NdisTapi; X:\windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
S3 NdisWan; X:\windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
S1 NetBIOS; X:\windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
S1 NetBT; X:\windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
S3 nfrd960; X:\windows\system32\drivers\nfrd960.sys [51264 2010-11-20] (IBM Corporation)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [75032 2016-06-30] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-02-08] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
S1 nsiproxy; X:\windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation)
S3 nvraid; X:\windows\system32\drivers\nvraid.sys [148352 2012-06-15] (NVIDIA Corporation)
S3 nvstor; X:\windows\system32\drivers\nvstor.sys [166272 2012-06-15] (NVIDIA Corporation)
S3 nv_agp; X:\windows\system32\drivers\nv_agp.sys [122960 2010-11-20] (Microsoft Corporation)
S3 ohci1394; X:\windows\system32\drivers\ohci1394.sys [72832 2010-11-20] (Microsoft Corporation)
S3 Parport; X:\windows\system32\drivers\parport.sys [97280 2010-11-20] (Microsoft Corporation)
S0 partmgr; X:\windows\System32\drivers\partmgr.sys [75136 2010-11-20] (Microsoft Corporation)
S0 pci; X:\windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
S3 pciide; X:\windows\system32\drivers\pciide.sys [12352 2010-11-20] (Microsoft Corporation)
S3 pcmcia; X:\windows\system32\drivers\pcmcia.sys [220752 2010-11-20] (Microsoft Corporation)
S0 pcw; X:\windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61104 2013-09-23] (Microsoft Corporation)
S3 PptpMiniport; X:\windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; X:\windows\system32\drivers\processr.sys [60416 2010-11-20] (Microsoft Corporation)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 ql2300; X:\windows\system32\drivers\ql2300.sys [1524816 2010-11-20] (QLogic Corporation)
S3 ql40xx; X:\windows\system32\drivers\ql40xx.sys [128592 2010-11-20] (QLogic Corporation)
S3 RasAcd; X:\windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
S3 RasAgileVpn; X:\windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
S3 Rasl2tp; X:\windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S3 RasPppoe; X:\windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
S3 RasSstp; X:\windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
S1 rdbss; X:\windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 sbp2port; X:\windows\system32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 Serenum; X:\windows\System32\DRIVERS\serenum.sys [23552 2010-11-20] (Microsoft Corporation)
S1 Serial; X:\windows\System32\DRIVERS\serial.sys [94208 2010-11-20] (Microsoft Corporation)
S3 sermouse; X:\windows\system32\drivers\sermouse.sys [26624 2010-11-20] (Microsoft Corporation)
S3 sfloppy; X:\windows\system32\drivers\sfloppy.sys [16896 2010-11-20] (Microsoft Corporation)
S3 SiSRaid2; X:\windows\system32\drivers\SiSRaid2.sys [43584 2010-11-20] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; X:\windows\system32\drivers\sisraid4.sys [80464 2010-11-20] (Silicon Integrated Systems)
S3 Smb; X:\windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
S3 stexstor; X:\windows\system32\drivers\stexstor.sys [24656 2010-11-20] (Promise Technology)
S0 storflt; X:\windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] (Microsoft Corporation)
S3 storvsc; X:\windows\system32\drivers\storvsc.sys [34688 2010-11-20] (Microsoft Corporation)
S3 swenum; X:\windows\System32\DRIVERS\swenum.sys [12496 2010-11-20] (Microsoft Corporation)
S0 Tcpip; X:\windows\System32\drivers\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
S3 TCPIP6; X:\windows\System32\DRIVERS\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
S1 tdx; X:\windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
S1 TermDD; X:\windows\System32\DRIVERS\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
S3 TISDCam; C:\Windows\System32\DRIVERS\tisdcam_4401.sys [111616 2011-07-01] (The Imaging Source Europe GmbH)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 uagp35; X:\windows\system32\drivers\uagp35.sys [64080 2010-11-20] (Microsoft Corporation)
S0 ucpiamo; C:\Windows\System32\drivers\raasvzcf.sys [142160 2018-02-22] ()
S4 udfs; X:\windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
S3 uliagpkx; X:\windows\system32\drivers\uliagpkx.sys [64592 2010-11-20] (Microsoft Corporation)
S3 umbus; X:\windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 UmPass; X:\windows\system32\drivers\umpass.sys [9728 2010-11-20] (Microsoft Corporation)
S3 usbccgp; X:\windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-20] (Microsoft Corporation)
S3 usbehci; X:\windows\system32\drivers\usbehci.sys [52224 2010-11-20] (Microsoft Corporation)
S3 usbhub; X:\windows\System32\DRIVERS\usbhub.sys [343040 2010-11-20] (Microsoft Corporation)
S3 usbohci; X:\windows\system32\drivers\usbohci.sys [25600 2010-11-20] (Microsoft Corporation)
S3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-05-11] (USBPcap)
S3 USBSTOR; X:\windows\System32\DRIVERS\USBSTOR.SYS [91648 2012-06-15] (Microsoft Corporation)
S3 usbuhci; X:\windows\system32\drivers\usbuhci.sys [30720 2010-11-20] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
S0 vdrvroot; X:\windows\System32\drivers\vdrvroot.sys [36432 2010-11-20] (Microsoft Corporation)
S1 VgaSave; X:\windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vhdmp; X:\windows\system32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
S3 viaide; X:\windows\system32\drivers\viaide.sys [17488 2010-11-20] (VIA Technologies, Inc.)
S3 vmbus; X:\windows\system32\drivers\vmbus.sys [199552 2010-11-20] (Microsoft Corporation)
S3 VMBusHID; X:\windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
S0 volmgr; X:\windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
S0 volmgrx; X:\windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
S0 volsnap; X:\windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
S3 vsmraid; X:\windows\system32\drivers\vsmraid.sys [161872 2010-11-20] (VIA Technologies Inc.,Ltd)
S3 WacomPen; X:\windows\system32\drivers\wacompen.sys [27776 2010-11-20] (Microsoft Corporation)
S3 WANARP; X:\windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S1 Wanarpv6; X:\windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S3 Wd; X:\windows\system32\drivers\wd.sys [21056 2010-11-20] (Microsoft Corporation)
S0 Wdf01000; X:\windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S3 WIMMount; X:\windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 WmiAcpi; X:\windows\System32\DRIVERS\wmiacpi.sys [14336 2010-11-20] (Microsoft Corporation)
S4 ws2ifsl; X:\windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
S0 Partizan; system32\drivers\Partizan.sys [X]
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
S0 SR; no ImagePath
S2 srservice; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-22 12:32 - 2018-02-22 12:32 - 000142160 ____N C:\Windows\System32\Drivers\raasvzcf.sys
2018-02-22 12:20 - 2018-02-22 12:20 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-02-21 10:57 - 2018-02-21 10:57 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V8.url
2018-02-21 07:41 - 2018-02-21 07:41 - 000000000 ____D C:\Nokia
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\TCO Provisioning Tool.url
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\Desktop\TCO Provisioning Tool.url
2018-02-20 19:40 - 2018-02-20 19:40 - 000380928 _____ C:\Users\Joe\Downloads\vzskgguf.exe
2018-02-20 19:39 - 2018-02-20 19:40 - 000019828 _____ C:\TDSSKiller.3.1.0.16_20.02.2018_20.39.46_log.txt
2018-02-20 19:39 - 2018-02-20 19:39 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Joe\Downloads\tdsskiller.exe
2018-02-20 19:24 - 2018-02-20 19:25 - 000000000 ____D C:\Users\Joe\Desktop\bleeping
2018-02-20 19:22 - 2018-02-20 19:22 - 000000000 _____ C:\Users\Joe\Desktop\bleeping.txt
2018-02-20 19:03 - 2018-02-20 19:03 - 000071141 _____ C:\Users\Joe\Downloads\Addition.txt
2018-02-20 19:02 - 2018-02-20 19:03 - 000055244 _____ C:\Users\Joe\Downloads\FRST.txt
2018-02-20 19:01 - 2018-02-22 13:40 - 000000000 ____D C:\FRST
2018-02-20 19:00 - 2018-02-20 19:00 - 002403328 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2018-02-20 17:54 - 2018-02-20 17:54 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7462558F.sys
2018-02-17 17:23 - 2018-02-17 17:23 - 001959828 _____ C:\Users\Joe\Desktop\SDRuno-cookbook.pdf
2018-02-15 10:46 - 2018-02-15 10:46 - 007906720 _____ (Tim Kosse) C:\Users\Joe\Downloads\FileZilla_3.30.0_win64-setup.exe
2018-02-13 19:56 - 2018-02-13 19:56 - 007174381 _____ C:\Users\Joe\Desktop\Pop-1964-03.pdf
2018-02-11 18:41 - 2018-02-11 18:41 - 000000000 ____D C:\Users\Joe\Downloads\ptswxcel
2018-02-11 16:53 - 2018-02-11 16:53 - 011205832 _____ (Piriform Ltd) C:\Users\Joe\Downloads\ccsetup539.exe
2018-02-11 15:50 - 2018-02-11 15:53 - 000000000 ____D C:\Users\Joe\AppData\Local\igfxmtc
2018-02-11 08:27 - 2018-02-11 08:27 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-11 06:37 - 2018-02-11 06:37 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7227D6D6.sys
2018-02-08 12:39 - 2018-02-21 10:56 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V7.url
2018-02-08 12:39 - 2018-02-21 10:52 - 000000252 _____ C:\Users\Joe\MctLauncher.url
2018-02-08 12:08 - 2018-02-08 12:08 - 000000000 ____D C:\Users\Joe\9500MPR-E
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\Desktop\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\WebEML.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\Desktop\WebEML.url
2018-02-08 11:42 - 2018-02-21 10:56 - 000000000 ____D C:\Alcatel-Lucent
2018-02-08 11:40 - 2018-02-21 10:51 - 000000000 ____D C:\Users\Joe\jre7
2018-02-08 11:40 - 2018-02-08 11:40 - 000000000 ____D C:\Users\Joe\Downloads\Nokia
2018-02-05 07:27 - 2018-02-05 07:27 - 000000000 ____D C:\ProgramData\Samsung
2018-01-31 16:14 - 2018-01-31 16:28 - 507029504 _____ C:\Users\Joe\Downloads\3DB18971CKAAPMZZA01_9500MPR_R7.0_TCO_ANSI_Light.iso
2018-01-31 16:13 - 2018-01-31 16:13 - 000338744 _____ (NOS Microsystems Ltd.) C:\Users\Joe\Downloads\nplucent_installer.exe
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\ProgramData\NOS
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\Program Files (x86)\NOS
2018-01-31 16:04 - 2018-02-21 06:56 - 000000000 ____D C:\Users\Joe\Desktop\NOKIA
2018-01-29 17:53 - 2018-01-29 17:53 - 001591410 _____ C:\Users\Joe\Downloads\vert.zip
2018-01-29 17:48 - 2018-01-29 17:48 - 000266240 _____ (home) C:\Users\Joe\Downloads\discone2002.exe
2018-01-27 04:30 - 2018-01-27 04:30 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Thinkpad-Joe
2018-01-27 04:30 - 2018-01-27 04:30 - 000000040 ____H C:\E8BE00AD41C4
2018-01-23 18:27 - 2018-01-23 18:27 - 000000000 __SHD C:\Users\Joe\AppData\Local\icsxml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-22 12:32 - 2009-07-13 21:13 - 000880540 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-22 12:32 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-22 12:32 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-22 12:32 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-02-22 12:32 - 2009-07-13 18:34 - 022806528 _____ C:\Windows\System32\config\HARDWARE
2018-02-22 12:28 - 2018-01-11 10:41 - 000000000 ____D C:\Users\Joe\AppData\Local\lsnzvir
2018-02-22 12:28 - 2015-06-17 15:11 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2018-02-22 12:27 - 2014-09-18 19:17 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Ditto
2018-02-22 12:26 - 2018-01-11 10:40 - 002884096 _____ C:\Windows\System32\lsrmwhosvc.exe
2018-02-22 12:26 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-22 10:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A}.job
2018-02-22 10:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB}.job
2018-02-22 07:23 - 2017-10-05 07:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\LockAP
2018-02-22 04:20 - 2016-11-18 06:09 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla
2018-02-21 10:52 - 2013-02-15 07:08 - 000000000 ____D C:\users\Joe
2018-02-21 04:01 - 2018-01-15 14:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-20 18:02 - 2018-01-15 15:11 - 000000000 ____D C:\Users\Joe\Desktop\mbar
2018-02-20 17:53 - 2018-01-15 14:48 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2018-02-20 17:51 - 2013-02-19 08:42 - 000000000 ____D C:\ProgramData\TEMP
2018-02-20 17:29 - 2014-02-14 14:47 - 000000000 ____D C:\Users\Joe\Desktop\Jewelry
2018-02-15 10:53 - 2017-07-07 18:11 - 000000000 ____D C:\Users\Joe\AppData\Local\FileZilla
2018-02-15 10:53 - 2014-09-30 19:30 - 000002141 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-02-15 10:53 - 2013-02-19 09:26 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FileZilla
2018-02-15 10:53 - 2013-02-19 09:26 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-02-14 13:31 - 2017-11-17 08:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\pulse-sms
2018-02-11 16:58 - 2011-02-24 09:03 - 000000000 ____D C:\Windows\Panther
2018-02-11 08:27 - 2014-10-05 11:45 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-08 12:45 - 2013-09-02 16:59 - 000000600 _____ C:\Users\Joe\AppData\Local\PUTTY.RND
2018-02-06 09:50 - 2016-05-17 18:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 09:50 - 2013-02-15 07:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 09:50 - 2013-02-15 07:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 09:50 - 2013-02-15 07:27 - 000000000 ____D C:\Windows\System32\Macromed
2018-02-06 09:50 - 2013-01-28 14:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-05 07:40 - 2015-06-05 15:07 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-02-01 15:59 - 2013-02-15 07:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-01 06:22 - 2016-10-11 18:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-01-29 16:46 - 2018-01-03 09:17 - 000000000 ____D C:\Users\Joe\Downloads\RF-Stencils-Visio-v3a
2018-01-28 06:49 - 2015-03-07 09:28 - 000000000 ____D C:\Users\Joe\AppData\Roaming\qBittorrent
2018-01-28 06:02 - 2009-07-13 21:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-27 04:30 - 2013-02-15 07:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Adobe
2018-01-25 04:27 - 2013-10-22 05:50 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 04:24 - 2014-10-24 12:38 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 04:24 - 2013-06-22 09:10 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-23 18:20 - 2017-07-21 16:24 - 000000000 ____D C:\Program Files\Wireshark
2018-01-23 18:20 - 2014-01-24 17:48 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Wireshark
2018-01-23 08:35 - 2017-04-26 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox

Some files in TEMP:
====================
2018-02-14 15:06 - 2018-02-14 15:06 - 001353992 _____ () C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe
2018-02-11 08:27 - 2018-02-11 08:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
2016-04-12 21:52 - 2016-04-12 21:52 - 000034816 _____ (Anritsu Company) C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll
2018-02-14 15:06 - 2018-02-14 15:06 - 009495368 _____ () C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe
2018-02-14 15:06 - 2018-02-14 15:06 - 000365712 _____ () C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 24142.79 MB
Available physical RAM: 22298.75 MB
Total Virtual: 24140.99 MB
Available Virtual: 22294.75 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:445.72 GB) (Free:237.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (SSD_2) (Fixed) (Total:465.74 GB) (Free:389.2 GB) exFAT
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF
Drive g: (MYLINUXLIVE) (Removable) (Total:117.88 GB) (Free:116.15 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.41 GB) (Free:0.73 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 4840C815)
Partition 1: (Active) - (Size=1.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A0414B6E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 118 GB) (Disk ID: CA673D30)
Partition 1: (Active) - (Size=117.9 GB) - (Type=0C)

LastRegBack: 2018-02-17 07:18

==================== End of FRST.txt ============================

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/22/18
Scan Time: 1:45 PM
Log File: 58dfcfd0-1811-11e8-9a5e-3c970e6dcee1.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4056
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Thinkpad\Joe

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309614
Threats Detected: 49
Threats Quarantined: 3
Time Elapsed: 1 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR, Delete-on-Reboot, [1260], [466343],1.0.4056

Registry Value: 1
Rootkit.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UDISKMGR|IMAGEPATH, Delete-on-Reboot, [1260], [466343],1.0.4056

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 47
PUP.Optional.Babylon, C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SMQ49UA9.DEFAULT\PREFS.JS, No Action By User, [1690], [301501],1.0.4056
PUP.Optional.Babylon, C:\USERS\JOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SMQ49UA9.DEFAULT\USER.JS, No Action By User, [1690], [301503],1.0.4056
Generic.Malware/Suspicious, C:\USERS\JOE\APPDATA\LOCAL\TEMP\EA20.TMP, Delete-on-Reboot, [0], [392686],1.0.4056

Physical Sector: 0
(No malicious items detected)


(end)

 

Please let me know how to proceed.

 

Thanks!



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,453 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 AM

Posted 22 February 2018 - 04:24 PM

Did you quarantine these items? Malwarebytes has two types of reports, the Scan report and the Clean report. One starts with an S and the other with a C. Please export and post the report that starts with C.


Edited by JSntgRvr, 22 February 2018 - 04:52 PM.
typo

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,453 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 AM

Posted 22 February 2018 - 04:38 PM

Let's confirm some of those entries. This time in Normal Mode.

  • Highlight the entire content of the quote box below.

Start::  
Reg: Reg delete HKLM\System\ControlSet001\Services\udiskMgr /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\udiskMgr /f
C:\Windows\System32\Drivers\raasvzcf.sys
C:\Users\Joe\Downloads\vzskgguf.exe
FirewallRules: [{ACF63163-4075-4C0C-915D-EEF0644EAAFB}] => (Allow) LPort=3306
FirewallRules: [{41631664-76D2-4EAE-99FC-5B3794850428}] => (Allow) LPort=3306
FirewallRules: [{A2D23A5F-6356-44DA-81D3-D367E201375E}] => (Allow) LPort=8298
GroupPolicyScripts: Restriction <==== ATTENTION
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet\Services\ucpiamo /f
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\raavycfi.sys
C:\Windows\System32\lsrmwhosvc.exe
C:\Users\Joe\AppData\Local\lsnzvir
C:\Users\Joe\AppData\Local\igfxmtc
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @IPC/npmedia3.0.0.2,version=3.0.0.2 -> C:\Program Files (x86)\webrec\Torch\3.0.0.2\npmedia3.0.0.2.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
2018-02-14 16:06 - 2018-02-14 16:06 - 001353992 _____ () C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
2016-04-12 22:52 - 2016-04-12 22:52 - 000034816 _____ (Anritsu Company) C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll
2018-02-14 16:06 - 2018-02-14 16:06 - 009495368 _____ () C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe
2018-02-14 16:06 - 2018-02-14 16:06 - 000365712 _____ () C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
MSCONFIG\startupreg: EPSON WorkForce 30 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SC49E.tmp" /EF "HKCU"
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.72.0 - Autodesk) Hidden
AutoCAD 2018 Help - English (HKLM\...\{28B89EEF-1034-0409-0100-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Boson NetSim 10 (HKLM-x32\...\{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}) (Version: 10.00.0000 - Boson Software, LLC) Hidden
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Nalpeiron License Management (HKLM-x32\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraEdit (HKLM-x32\...\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.10.1016 - IDM Computer Solutions, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WebViewer Plugin (HKLM-x32\...\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.) Hidden
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:bod2d5mUXxd6W50voomOUcc [2084]
AlternateDataStreams: C:\Program Files\Common Files\System:siI39mETDBnl5KpX528X7MtojuWC [2418]
AlternateDataStreams: C:\ProgramData\Microsoft:hDOEORID3SsVZAjrh [2010]
AlternateDataStreams: C:\ProgramData\Microsoft:zDuZXVxkY9kCsgT2EH86B [2060]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [414]
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F [402]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:



  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot, a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 zzyzxx_x

zzyzxx_x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:43 AM

Posted 22 February 2018 - 05:16 PM

Regarding the report you need, exactly where is that file located? I cannot find any other than the one already posted. And yes, I did quarantine the checked items.

 

Here are the new logs:

 

Joe => 205185531 B

RecycleBin => 817898012 B
EmptyTemp: => 1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-02-2018 14:56:24)

C:\Users\Joe\AppData\Local\lsnzvir => Could not move
C:\Users\Joe\AppData\Local\igfxmtc => Could not move

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00637398-4C9F-42CB-BA1F-CD343BE36D72} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00637398-4C9F-42CB-BA1F-CD343BE36D72} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B6E69F-A045-42D4-AED9-7B4308586F63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B6E69F-A045-42D4-AED9-7B4308586F63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{737DE960-C004-4AB4-8BC0-760DA644E84B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{737DE960-C004-4AB4-8BC0-760DA644E84B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{785B7E0A-2322-4713-B5A3-7A9FC1C607B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{785B7E0A-2322-4713-B5A3-7A9FC1C607B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CBE9303-0D71-44AB-AEA3-597526A906C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CBE9303-0D71-44AB-AEA3-597526A906C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9938876-3605-4583-894D-13EAB91A2238} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9938876-3605-4583-894D-13EAB91A2238} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BCA36820-30F4-4601-915F-4F227C64FDC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA36820-30F4-4601-915F-4F227C64FDC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC09FFCD-A2ED-4932-996A-B24284160C29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC09FFCD-A2ED-4932-996A-B24284160C29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DivXUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements => key removed successfully

==== End of Fixlog 14:56:25 ====

 

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 22:01:27 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-21-2018.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

Thanks!



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,453 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 AM

Posted 22 February 2018 - 06:41 PM

Seems that your computer is still infected. Please run FRST64 in the Recovery Environment once again and post the resulting FRST.txt.




#8 zzyzxx_x

zzyzxx_x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:43 AM

Posted 23 February 2018 - 04:24 PM

OK, here you go. FRST.txt from the recovery environment:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by SYSTEM on MININT-4BSPEE8 (23-02-2018 14:19:40)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2015-02-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default\...\RunOnce: [] => [X]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\RunOnce: [] => [X]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Joe\...\Run: [AdobeBridge] => [X]
HKU\Joe\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [9143296 2011-11-23] (XemiComputers ltd.)
HKU\Joe\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1740800 2015-11-07] ()
HKU\Joe\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\Joe\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_32ATI1NE.EXE [303312 2016-04-13] (Seiko Epson Corporation)
HKU\Joe\...\Policies\system: [DisableCMD] 0
HKU\Joe\...\Policies\system: [NoDispAppearancePage] 0
HKU\Joe\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Joe\...\Policies\system: [NoDispSettingsPage] 0
HKU\Joe\...\Policies\Explorer: []
HKU\Joe\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Joe\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Joe\...\Policies\Explorer: [NoFind] 0
HKU\Joe\...\Policies\Explorer: [NoFile] 0
HKU\Joe\...\Policies\Explorer: [HideClock] 0
HKU\Joe\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Joe\...\Policies\Explorer: [NoSetFolders] 0
HKU\Joe\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Joe\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Joe\...\Policies\Explorer: [NoDFSTab] 0
HKU\Joe\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Joe\...\Policies\Explorer: [NoLogoff] 0
HKU\Joe\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Joe\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Joe\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Joe\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Joe\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Joe\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk [2015-08-08]
ShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 AtollCalcSvr; C:\Program Files\Forsk\Atoll\AtollSvr.exe [636928 2013-11-21] (Forsk)
S2 BFE; X:\windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
S3 bthserv; X:\windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S2 CryptSvc; X:\windows\system32\cryptsvc.dll [177152 2010-11-20] (Microsoft Corporation)
S2 DcomLaunch; X:\windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; X:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; X:\windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
S2 Dnscache; X:\windows\System32\dnsrslvr.dll [183296 2010-11-20] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-01-29] (Lenovo.)
S3 EapHost; X:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S2 EFS; X:\windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 eventlog; X:\windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
S2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [448512 2007-11-11] (Green Parrots Software)
S2 gpsvc; X:\windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S3 hidserv; X:\windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S2 IKEEXT; X:\windows\System32\ikeext.dll [853504 2010-11-20] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 KeyIso; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 LanmanWorkstation; X:\windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)
S2 lmhosts; X:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 MpsSvc; X:\windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S3 Netlogon; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 Netman; X:\windows\System32\netman.dll [360448 2012-06-15] (Microsoft Corporation)
S2 NlaSvc; X:\windows\System32\nlasvc.dll [303616 2010-11-20] (Microsoft Corporation)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3006.dll [49152 2018-01-31] (NOS Microsystems Ltd.)
S2 nsi; X:\windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 NVWMI; C:\Windows\System32\nvwmi64.exe [2855624 2015-02-25] ()
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S2 PlugPlay; X:\windows\system32\umpnpmgr.dll [404480 2010-11-20] (Microsoft Corporation)
S3 PolicyAgent; X:\windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
S2 Power; X:\windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S3 ProtectedStorage; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
S3 RasAuto; X:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; X:\windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S2 RpcEptMapper; X:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S2 RpcSs; X:\windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S2 SamSs; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SstpSvc; X:\windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 swprv; X:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S3 TBS; X:\windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
S3 TrustedInstaller; X:\windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 VaultSvc; X:\windows\system32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
S3 vds; X:\windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; X:\windows\system32\vssvc.exe [1600512 2012-06-15] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 W32Time; X:\windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; X:\windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S2 WbioSrvc; X:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Winmgmt; X:\windows\system32\wbem\WMIsvc.dll [242688 2012-06-15] (Microsoft Corporation)
S3 wmiApSrv; X:\windows\system32\wbem\WmiApSrv.exe [203264 2012-06-15] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 seclogon; %windir%\system32\seclogon.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; X:\windows\System32\DRIVERS\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
S3 2413E2F2; C:\Windows\system32\drivers\2413E2F2.sys [255928 2018-01-15] (Malwarebytes)
S4 3611E6F7; C:\Windows\System32\drivers\3611E6F7.sys [255928 2018-01-15] (Malwarebytes)
S0 ACPI; X:\windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 adp94xx; X:\windows\system32\drivers\adp94xx.sys [491088 2010-11-20] (Adaptec, Inc.)
S3 adpahci; X:\windows\system32\drivers\adpahci.sys [339536 2010-11-20] (Adaptec, Inc.)
S3 adpu320; X:\windows\system32\drivers\adpu320.sys [182864 2010-11-20] (Adaptec, Inc.)
S1 AFD; X:\windows\system32\drivers\afd.sys [499712 2010-11-20] (Microsoft Corporation)
S3 agp440; X:\windows\system32\drivers\agp440.sys [61008 2010-11-20] (Microsoft Corporation)
S3 aliide; X:\windows\system32\drivers\aliide.sys [15440 2010-11-20] (Acer Laboratories Inc.)
S3 amdide; X:\windows\system32\drivers\amdide.sys [15440 2010-11-20] (Microsoft Corporation)
S3 AmdK8; X:\windows\system32\drivers\amdk8.sys [64512 2010-11-20] (Microsoft Corporation)
S3 AmdPPM; X:\windows\system32\drivers\amdppm.sys [60928 2010-11-20] (Microsoft Corporation)
S3 amdsata; X:\windows\system32\drivers\amdsata.sys [107904 2012-06-15] (Advanced Micro Devices)
S3 amdsbs; X:\windows\system32\drivers\amdsbs.sys [194128 2010-11-20] (AMD Technologies Inc.)
S0 amdxata; X:\windows\System32\drivers\amdxata.sys [27008 2012-06-15] (Advanced Micro Devices)
S3 arc; X:\windows\system32\drivers\arc.sys [87632 2010-11-20] (Adaptec, Inc.)
S3 arcsas; X:\windows\system32\drivers\arcsas.sys [97856 2010-11-20] (Adaptec, Inc.)
S3 AsyncMac; X:\windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
S3 atapi; X:\windows\system32\drivers\atapi.sys [24128 2010-11-20] (Microsoft Corporation)
S3 b06bdrv; X:\windows\system32\drivers\bxvbda.sys [468480 2010-11-20] (Broadcom Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S1 blbdrive; X:\windows\System32\DRIVERS\blbdrive.sys [45056 2010-11-20] (Microsoft Corporation)
S3 bowser; X:\windows\System32\DRIVERS\bowser.sys [90624 2009-07-13] (Microsoft Corporation)
S4 cdfs; X:\windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
S1 cdrom; X:\windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S0 CLFS; X:\windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
S3 CmBatt; X:\windows\System32\DRIVERS\CmBatt.sys [17664 2010-11-20] (Microsoft Corporation)
S3 cmdide; X:\windows\system32\drivers\cmdide.sys [17488 2010-11-20] (CMD Technology, Inc.)
S0 CNG; X:\windows\System32\Drivers\cng.sys [459248 2010-11-20] (Microsoft Corporation)
S0 Compbatt; X:\windows\System32\drivers\compbatt.sys [21584 2010-11-20] (Microsoft Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S1 DfsC; X:\windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
S0 Disk; X:\windows\System32\drivers\disk.sys [73280 2010-11-20] (Microsoft Corporation)
S3 ebdrv; X:\windows\system32\drivers\evbda.sys [3286016 2010-11-20] (Broadcom Corporation)
S3 elxstor; X:\windows\system32\drivers\elxstor.sys [530496 2010-11-20] (Emulex)
S3 ErrDev; X:\windows\system32\drivers\errdev.sys [9728 2010-11-20] (Microsoft Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
S3 fdc; X:\windows\system32\drivers\fdc.sys [29696 2010-11-20] (Microsoft Corporation)
S0 FileInfo; X:\windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
S3 Filetrace; X:\windows\System32\drivers\filetrace.sys [34304 2012-06-15] (Microsoft Corporation)
S3 flpydisk; X:\windows\system32\drivers\flpydisk.sys [24576 2010-11-20] (Microsoft Corporation)
S0 FltMgr; X:\windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FsDepends; X:\windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
S0 fvevol; X:\windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] (Microsoft Corporation)
S3 gagp30kx; X:\windows\system32\drivers\gagp30kx.sys [65088 2010-11-20] (Microsoft Corporation)
S3 HDAudBus; X:\windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBatt; X:\windows\system32\drivers\HidBatt.sys [26624 2010-11-20] (Microsoft Corporation)
S3 HidUsb; X:\windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
S3 HpSAMD; X:\windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
S3 i8042prt; X:\windows\System32\DRIVERS\i8042prt.sys [105472 2010-11-20] (Microsoft Corporation)
S0 iaStor; X:\windows\System32\drivers\iaStor.sys [569152 2012-06-08] (Intel Corporation)
S3 iaStorV; X:\windows\system32\drivers\iaStorV.sys [410496 2012-06-15] (Intel Corporation)
S3 iirsp; X:\windows\system32\drivers\iirsp.sys [44112 2010-11-20] (Intel Corp./ICP vortex GmbH)
S3 intelide; X:\windows\system32\drivers\intelide.sys [16960 2010-11-20] (Microsoft Corporation)
S3 intelppm; X:\windows\System32\DRIVERS\intelppm.sys [62464 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; X:\windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 isapnp; X:\windows\system32\drivers\isapnp.sys [20544 2010-11-20] (Microsoft Corporation)
S3 iScsiPrt; X:\windows\system32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
S0 iusb3hcs; X:\windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-06-15] (Intel Corporation)
S3 iusb3hub; X:\windows\System32\DRIVERS\iusb3hub.sys [356120 2012-03-15] (Intel Corporation)
S3 iusb3xhc; X:\windows\System32\DRIVERS\iusb3xhc.sys [788760 2012-03-15] (Intel Corporation)
S3 kbdclass; X:\windows\System32\DRIVERS\kbdclass.sys [50768 2010-11-20] (Microsoft Corporation)
S3 kbdhid; X:\windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
S0 KSecDD; X:\windows\System32\Drivers\ksecdd.sys [95616 2010-11-20] (Microsoft Corporation)
S0 KSecPkg; X:\windows\System32\Drivers\ksecpkg.sys [152960 2010-11-20] (Microsoft Corporation)
S3 ksthunk; X:\windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 LSI_FC; X:\windows\system32\drivers\lsi_fc.sys [114752 2010-11-20] (LSI Corporation)
S3 LSI_SAS; X:\windows\system32\drivers\lsi_sas.sys [106560 2010-11-20] (LSI Corporation)
S3 LSI_SAS2; X:\windows\system32\drivers\lsi_sas2.sys [65600 2010-11-20] (LSI Corporation)
S3 LSI_SCSI; X:\windows\system32\drivers\lsi_scsi.sys [115776 2010-11-20] (LSI Corporation)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-22] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-22] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-22] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-22] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-22] (Malwarebytes)
S3 megasas; X:\windows\system32\drivers\megasas.sys [35392 2010-11-20] (LSI Corporation)
S3 MegaSR; X:\windows\system32\drivers\MegaSR.sys [284736 2010-11-20] (LSI Corporation, Inc.)
S3 mouclass; X:\windows\System32\DRIVERS\mouclass.sys [49216 2010-11-20] (Microsoft Corporation)
S3 mouhid; X:\windows\System32\DRIVERS\mouhid.sys [31232 2010-11-20] (Microsoft Corporation)
S0 mountmgr; X:\windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
S3 mpsdrv; X:\windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
S3 mrxsmb; X:\windows\System32\DRIVERS\mrxsmb.sys [158208 2010-11-20] (Microsoft Corporation)
S3 mrxsmb10; X:\windows\System32\DRIVERS\mrxsmb10.sys [287744 2010-11-20] (Microsoft Corporation)
S3 mrxsmb20; X:\windows\System32\DRIVERS\mrxsmb20.sys [128000 2010-11-20] (Microsoft Corporation)
S3 msahci; X:\windows\system32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
S0 msisadrv; X:\windows\System32\drivers\msisadrv.sys [15424 2010-11-20] (Microsoft Corporation)
S3 MSKSSRV; X:\windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
S3 MSPCLOCK; X:\windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
S3 MSPQM; X:\windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
S1 mssmbios; X:\windows\System32\DRIVERS\mssmbios.sys [32320 2010-11-20] (Microsoft Corporation)
S3 MSTEE; X:\windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
S3 MTConfig; X:\windows\system32\drivers\MTConfig.sys [15360 2010-11-20] (Microsoft Corporation)
S2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2014-10-16] (Chingachguk & Denger2k (Elite & SP edition))
S0 Mup; X:\windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
S0 NDIS; X:\windows\System32\drivers\ndis.sys [951680 2010-11-20] (Microsoft Corporation)
S3 NdisTapi; X:\windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
S3 NdisWan; X:\windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
S1 NetBIOS; X:\windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
S1 NetBT; X:\windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
S3 nfrd960; X:\windows\system32\drivers\nfrd960.sys [51264 2010-11-20] (IBM Corporation)
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [75032 2016-06-30] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-02-08] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
S1 nsiproxy; X:\windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation)
S3 nvraid; X:\windows\system32\drivers\nvraid.sys [148352 2012-06-15] (NVIDIA Corporation)
S3 nvstor; X:\windows\system32\drivers\nvstor.sys [166272 2012-06-15] (NVIDIA Corporation)
S3 nv_agp; X:\windows\system32\drivers\nv_agp.sys [122960 2010-11-20] (Microsoft Corporation)
S3 ohci1394; X:\windows\system32\drivers\ohci1394.sys [72832 2010-11-20] (Microsoft Corporation)
S3 Parport; X:\windows\system32\drivers\parport.sys [97280 2010-11-20] (Microsoft Corporation)
S0 partmgr; X:\windows\System32\drivers\partmgr.sys [75136 2010-11-20] (Microsoft Corporation)
S0 pci; X:\windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
S3 pciide; X:\windows\system32\drivers\pciide.sys [12352 2010-11-20] (Microsoft Corporation)
S3 pcmcia; X:\windows\system32\drivers\pcmcia.sys [220752 2010-11-20] (Microsoft Corporation)
S0 pcw; X:\windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61104 2013-09-23] (Microsoft Corporation)
S3 PptpMiniport; X:\windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; X:\windows\system32\drivers\processr.sys [60416 2010-11-20] (Microsoft Corporation)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 ql2300; X:\windows\system32\drivers\ql2300.sys [1524816 2010-11-20] (QLogic Corporation)
S3 ql40xx; X:\windows\system32\drivers\ql40xx.sys [128592 2010-11-20] (QLogic Corporation)
S3 RasAcd; X:\windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
S3 RasAgileVpn; X:\windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
S3 Rasl2tp; X:\windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S3 RasPppoe; X:\windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
S3 RasSstp; X:\windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
S1 rdbss; X:\windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 sbp2port; X:\windows\system32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 Serenum; X:\windows\System32\DRIVERS\serenum.sys [23552 2010-11-20] (Microsoft Corporation)
S1 Serial; X:\windows\System32\DRIVERS\serial.sys [94208 2010-11-20] (Microsoft Corporation)
S3 sermouse; X:\windows\system32\drivers\sermouse.sys [26624 2010-11-20] (Microsoft Corporation)
S3 sfloppy; X:\windows\system32\drivers\sfloppy.sys [16896 2010-11-20] (Microsoft Corporation)
S3 SiSRaid2; X:\windows\system32\drivers\SiSRaid2.sys [43584 2010-11-20] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; X:\windows\system32\drivers\sisraid4.sys [80464 2010-11-20] (Silicon Integrated Systems)
S3 Smb; X:\windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
S3 stexstor; X:\windows\system32\drivers\stexstor.sys [24656 2010-11-20] (Promise Technology)
S0 storflt; X:\windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] (Microsoft Corporation)
S3 storvsc; X:\windows\system32\drivers\storvsc.sys [34688 2010-11-20] (Microsoft Corporation)
S3 swenum; X:\windows\System32\DRIVERS\swenum.sys [12496 2010-11-20] (Microsoft Corporation)
S0 Tcpip; X:\windows\System32\drivers\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
S3 TCPIP6; X:\windows\System32\DRIVERS\tcpip.sys [1924480 2010-11-20] (Microsoft Corporation)
S1 tdx; X:\windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
S1 TermDD; X:\windows\System32\DRIVERS\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
S3 TISDCam; C:\Windows\System32\DRIVERS\tisdcam_4401.sys [111616 2011-07-01] (The Imaging Source Europe GmbH)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 uagp35; X:\windows\system32\drivers\uagp35.sys [64080 2010-11-20] (Microsoft Corporation)
S0 ucpiamo; C:\Windows\System32\drivers\raaimpsw.sys [142160 2018-02-23] ()
S4 udfs; X:\windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
S3 uliagpkx; X:\windows\system32\drivers\uliagpkx.sys [64592 2010-11-20] (Microsoft Corporation)
S3 umbus; X:\windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 UmPass; X:\windows\system32\drivers\umpass.sys [9728 2010-11-20] (Microsoft Corporation)
S3 usbccgp; X:\windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-20] (Microsoft Corporation)
S3 usbehci; X:\windows\system32\drivers\usbehci.sys [52224 2010-11-20] (Microsoft Corporation)
S3 usbhub; X:\windows\System32\DRIVERS\usbhub.sys [343040 2010-11-20] (Microsoft Corporation)
S3 usbohci; X:\windows\system32\drivers\usbohci.sys [25600 2010-11-20] (Microsoft Corporation)
S3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-05-11] (USBPcap)
S3 USBSTOR; X:\windows\System32\DRIVERS\USBSTOR.SYS [91648 2012-06-15] (Microsoft Corporation)
S3 usbuhci; X:\windows\system32\drivers\usbuhci.sys [30720 2010-11-20] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
S0 vdrvroot; X:\windows\System32\drivers\vdrvroot.sys [36432 2010-11-20] (Microsoft Corporation)
S1 VgaSave; X:\windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vhdmp; X:\windows\system32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
S3 viaide; X:\windows\system32\drivers\viaide.sys [17488 2010-11-20] (VIA Technologies, Inc.)
S3 vmbus; X:\windows\system32\drivers\vmbus.sys [199552 2010-11-20] (Microsoft Corporation)
S3 VMBusHID; X:\windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
S0 volmgr; X:\windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
S0 volmgrx; X:\windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
S0 volsnap; X:\windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
S3 vsmraid; X:\windows\system32\drivers\vsmraid.sys [161872 2010-11-20] (VIA Technologies Inc.,Ltd)
S3 WacomPen; X:\windows\system32\drivers\wacompen.sys [27776 2010-11-20] (Microsoft Corporation)
S3 WANARP; X:\windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S1 Wanarpv6; X:\windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S3 Wd; X:\windows\system32\drivers\wd.sys [21056 2010-11-20] (Microsoft Corporation)
S0 Wdf01000; X:\windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S3 WIMMount; X:\windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 WmiAcpi; X:\windows\System32\DRIVERS\wmiacpi.sys [14336 2010-11-20] (Microsoft Corporation)
S4 ws2ifsl; X:\windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
S0 Partizan; system32\drivers\Partizan.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 09:45 - 2018-02-23 09:45 - 000142160 ____N C:\Windows\System32\Drivers\raaimpsw.sys
2018-02-22 15:08 - 2018-02-22 15:08 - 000000000 ____D C:\ProgramData\MB3Migration
2018-02-22 15:08 - 2018-02-22 15:08 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-22 14:38 - 2018-02-23 07:55 - 000000000 ____D C:\Users\Joe\AppData\Local\lsnzvir
2018-02-22 14:38 - 2018-02-22 14:41 - 000000000 ____D C:\Users\Joe\AppData\Local\igfxmtc
2018-02-22 13:59 - 2018-02-22 14:01 - 000000000 ____D C:\AdwCleaner
2018-02-22 13:57 - 2018-02-22 13:57 - 008222496 _____ (Malwarebytes) C:\Users\Joe\Desktop\adwcleaner_7.0.8.0.exe
2018-02-22 13:51 - 2018-02-23 07:53 - 002884096 _____ C:\Windows\System32\lsrmwhosvc.exe
2018-02-22 12:45 - 2018-02-22 15:16 - 000002068 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-22 12:45 - 2018-02-22 13:12 - 000084256 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-02-22 12:45 - 2018-02-22 13:06 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-02-22 12:45 - 2018-02-22 13:06 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-02-22 12:45 - 2018-02-22 12:45 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-02-22 12:45 - 2018-02-22 12:45 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-02-22 12:44 - 2018-02-22 12:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-22 12:44 - 2018-02-22 12:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-22 12:44 - 2018-02-22 12:30 - 083316440 _____ (Malwarebytes ) C:\Users\Joe\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-02-22 12:44 - 2017-11-29 08:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-02-22 12:20 - 2018-02-22 12:20 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-02-21 10:57 - 2018-02-21 10:57 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V8.url
2018-02-21 07:41 - 2018-02-21 07:41 - 000000000 ____D C:\Nokia
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\TCO Provisioning Tool.url
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\Desktop\TCO Provisioning Tool.url
2018-02-20 19:39 - 2018-02-20 19:40 - 000019828 _____ C:\TDSSKiller.3.1.0.16_20.02.2018_20.39.46_log.txt
2018-02-20 19:39 - 2018-02-20 19:39 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Joe\Downloads\tdsskiller.exe
2018-02-20 19:24 - 2018-02-20 19:25 - 000000000 ____D C:\Users\Joe\Desktop\bleeping
2018-02-20 19:22 - 2018-02-20 19:22 - 000000000 _____ C:\Users\Joe\Desktop\bleeping.txt
2018-02-20 19:03 - 2018-02-20 19:03 - 000071141 _____ C:\Users\Joe\Downloads\Addition.txt
2018-02-20 19:02 - 2018-02-20 19:03 - 000055244 _____ C:\Users\Joe\Downloads\FRST.txt
2018-02-20 19:01 - 2018-02-23 14:19 - 000000000 ____D C:\FRST
2018-02-20 19:00 - 2018-02-20 19:00 - 002403328 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2018-02-20 17:54 - 2018-02-20 17:54 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7462558F.sys
2018-02-17 17:23 - 2018-02-17 17:23 - 001959828 _____ C:\Users\Joe\Desktop\SDRuno-cookbook.pdf
2018-02-15 10:46 - 2018-02-15 10:46 - 007906720 _____ (Tim Kosse) C:\Users\Joe\Downloads\FileZilla_3.30.0_win64-setup.exe
2018-02-13 19:56 - 2018-02-13 19:56 - 007174381 _____ C:\Users\Joe\Desktop\Pop-1964-03.pdf
2018-02-11 18:41 - 2018-02-11 18:41 - 000000000 ____D C:\Users\Joe\Downloads\ptswxcel
2018-02-11 16:53 - 2018-02-11 16:53 - 011205832 _____ (Piriform Ltd) C:\Users\Joe\Downloads\ccsetup539.exe
2018-02-11 08:27 - 2018-02-11 08:27 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-11 06:37 - 2018-02-11 06:37 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7227D6D6.sys
2018-02-08 12:39 - 2018-02-21 10:56 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V7.url
2018-02-08 12:39 - 2018-02-21 10:52 - 000000252 _____ C:\Users\Joe\MctLauncher.url
2018-02-08 12:08 - 2018-02-08 12:08 - 000000000 ____D C:\Users\Joe\9500MPR-E
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\Desktop\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\WebEML.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\Desktop\WebEML.url
2018-02-08 11:42 - 2018-02-21 10:56 - 000000000 ____D C:\Alcatel-Lucent
2018-02-08 11:40 - 2018-02-21 10:51 - 000000000 ____D C:\Users\Joe\jre7
2018-02-08 11:40 - 2018-02-08 11:40 - 000000000 ____D C:\Users\Joe\Downloads\Nokia
2018-02-05 07:27 - 2018-02-05 07:27 - 000000000 ____D C:\ProgramData\Samsung
2018-01-31 16:14 - 2018-01-31 16:28 - 507029504 _____ C:\Users\Joe\Downloads\3DB18971CKAAPMZZA01_9500MPR_R7.0_TCO_ANSI_Light.iso
2018-01-31 16:13 - 2018-01-31 16:13 - 000338744 _____ (NOS Microsystems Ltd.) C:\Users\Joe\Downloads\nplucent_installer.exe
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\ProgramData\NOS
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\Program Files (x86)\NOS
2018-01-31 16:04 - 2018-02-21 06:56 - 000000000 ____D C:\Users\Joe\Desktop\NOKIA
2018-01-29 17:53 - 2018-01-29 17:53 - 001591410 _____ C:\Users\Joe\Downloads\vert.zip
2018-01-29 17:48 - 2018-01-29 17:48 - 000266240 _____ (home) C:\Users\Joe\Downloads\discone2002.exe
2018-01-27 04:30 - 2018-01-27 04:30 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Thinkpad-Joe
2018-01-27 04:30 - 2018-01-27 04:30 - 000000040 ____H C:\E8BE00AD41C4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 09:45 - 2009-07-13 18:34 - 022806528 _____ C:\Windows\System32\config\HARDWARE
2018-02-23 08:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A}.job
2018-02-23 08:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB}.job
2018-02-23 08:02 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 08:02 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 07:56 - 2015-06-17 15:11 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2018-02-23 07:54 - 2014-09-18 19:17 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Ditto
2018-02-23 07:54 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-23 07:17 - 2009-07-13 21:13 - 000880540 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-23 07:17 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-02-23 07:16 - 2017-10-05 07:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\LockAP
2018-02-23 04:22 - 2016-11-18 06:09 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla
2018-02-22 13:50 - 2018-01-16 05:49 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-22 13:50 - 2017-06-13 17:55 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Temp
2018-02-22 13:49 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\GroupPolicy
2018-02-21 10:52 - 2013-02-15 07:08 - 000000000 ____D C:\users\Joe
2018-02-21 04:01 - 2018-01-15 14:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-20 18:02 - 2018-01-15 15:11 - 000000000 ____D C:\Users\Joe\Desktop\mbar
2018-02-20 17:51 - 2013-02-19 08:42 - 000000000 ____D C:\ProgramData\TEMP
2018-02-20 17:29 - 2014-02-14 14:47 - 000000000 ____D C:\Users\Joe\Desktop\Jewelry
2018-02-15 10:53 - 2017-07-07 18:11 - 000000000 ____D C:\Users\Joe\AppData\Local\FileZilla
2018-02-15 10:53 - 2014-09-30 19:30 - 000002141 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-02-15 10:53 - 2013-02-19 09:26 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FileZilla
2018-02-15 10:53 - 2013-02-19 09:26 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-02-14 13:31 - 2017-11-17 08:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\pulse-sms
2018-02-11 16:58 - 2011-02-24 09:03 - 000000000 ____D C:\Windows\Panther
2018-02-11 08:27 - 2014-10-05 11:45 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-08 12:45 - 2013-09-02 16:59 - 000000600 _____ C:\Users\Joe\AppData\Local\PUTTY.RND
2018-02-06 09:50 - 2016-05-17 18:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 09:50 - 2013-02-15 07:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 09:50 - 2013-02-15 07:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 09:50 - 2013-02-15 07:27 - 000000000 ____D C:\Windows\System32\Macromed
2018-02-06 09:50 - 2013-01-28 14:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-05 07:40 - 2015-06-05 15:07 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-02-01 15:59 - 2013-02-15 07:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-01 06:22 - 2016-10-11 18:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-01-29 16:46 - 2018-01-03 09:17 - 000000000 ____D C:\Users\Joe\Downloads\RF-Stencils-Visio-v3a
2018-01-28 06:49 - 2015-03-07 09:28 - 000000000 ____D C:\Users\Joe\AppData\Roaming\qBittorrent
2018-01-28 06:02 - 2009-07-13 21:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-27 04:30 - 2013-02-15 07:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Adobe
2018-01-25 04:27 - 2013-10-22 05:50 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 04:24 - 2014-10-24 12:38 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 04:24 - 2013-06-22 09:10 - 000000000 ____D C:\Program Files (x86)\Java

Some files in TEMP:
====================
2018-02-22 13:56 - 2018-02-22 13:56 - 002403328 _____ (Farbar) C:\Users\Joe\AppData\Local\Temp\2403.tmp.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 24142.79 MB
Available physical RAM: 22289.1 MB
Total Virtual: 24140.99 MB
Available Virtual: 22286.27 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:445.72 GB) (Free:238.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (SSD_2) (Fixed) (Total:465.74 GB) (Free:389.2 GB) exFAT
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF
Drive g: (MYLINUXLIVE) (Removable) (Total:117.9 GB) (Free:117.82 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.41 GB) (Free:0.73 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 4840C815)
Partition 1: (Active) - (Size=1.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A0414B6E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 118 GB) (Disk ID: CA673D30)
Partition 1: (Active) - (Size=117.9 GB) - (Type=07 NTFS)

LastRegBack: 2018-02-17 07:18

==================== End of FRST.txt ============================

 

Please let me know how to proceed from here.

Thanks!



#9 JSntgRvr

Posted 23 February 2018 - 06:38 PM

Seems that FRST64 had a bug. The developer has been notified and it is my understanding this bug is now fixed. It will be a good idea to download the latest version of FRST64.

Let's try this again in Normal Mode.

  • Highlight the entire content of the quote box below.

Start::  
Reg: Reg delete HKLM\System\ControlSet001\Services\udiskMgr /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\udiskMgr /f
C:\Windows\System32\Drivers\raasvzcf.sys
C:\Users\Joe\Downloads\vzskgguf.exe
FirewallRules: [{ACF63163-4075-4C0C-915D-EEF0644EAAFB}] => (Allow) LPort=3306
FirewallRules: [{41631664-76D2-4EAE-99FC-5B3794850428}] => (Allow) LPort=3306
FirewallRules: [{A2D23A5F-6356-44DA-81D3-D367E201375E}] => (Allow) LPort=8298
GroupPolicyScripts: Restriction <==== ATTENTION
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet\Services\ucpiamo /f
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\raavycfi.sys
C:\Windows\System32\lsrmwhosvc.exe
C:\Users\Joe\AppData\Local\lsnzvir
C:\Users\Joe\AppData\Local\igfxmtc
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @IPC/npmedia3.0.0.2,version=3.0.0.2 -> C:\Program Files (x86)\webrec\Torch\3.0.0.2\npmedia3.0.0.2.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
2018-02-14 16:06 - 2018-02-14 16:06 - 001353992 _____ () C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
2016-04-12 22:52 - 2016-04-12 22:52 - 000034816 _____ (Anritsu Company) C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll
2018-02-14 16:06 - 2018-02-14 16:06 - 009495368 _____ () C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe
2018-02-14 16:06 - 2018-02-14 16:06 - 000365712 _____ () C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
MSCONFIG\startupreg: EPSON WorkForce 30 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SC49E.tmp" /EF "HKCU"
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.72.0 - Autodesk) Hidden
AutoCAD 2018 Help - English (HKLM\...\{28B89EEF-1034-0409-0100-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Boson NetSim 10 (HKLM-x32\...\{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}) (Version: 10.00.0000 - Boson Software, LLC) Hidden
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Herramientas de correcci¢n de Microsoft Office 2016: espa¤ol (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Nalpeiron License Management (HKLM-x32\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
Outils de v‚rification linguistique 2016 de Microsoft Office - Fran‡ais (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraEdit (HKLM-x32\...\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.10.1016 - IDM Computer Solutions, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WebViewer Plugin (HKLM-x32\...\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.) Hidden
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:bod2d5mUXxd6W50voomOUcc [2084]
AlternateDataStreams: C:\Program Files\Common Files\System:siI39mETDBnl5KpX528X7MtojuWC [2418]
AlternateDataStreams: C:\ProgramData\Microsoft:hDOEORID3SsVZAjrh [2010]
AlternateDataStreams: C:\ProgramData\Microsoft:zDuZXVxkY9kCsgT2EH86B [2060]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [414]
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F [402]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges.
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.




#10 zzyzxx_x

Posted 23 February 2018 - 07:38 PM

Hello MSG,

I downloaded the latest version of FRST64, and ran it as you instructed. However, there was no log file - the 'normal' window didn't open after the program completed, the program asked for a reboot (which happened), and there was no log file in the FRST directory.

I'm at a loss...

Any ideas?

Thanks!



#11 zzyzxx_x

Posted 23 February 2018 - 07:49 PM

UPDATE:

I thought I'd run the FRST again, with your previous instructions. Just in case I missed something.

So I rebooted the computer, and before I got to run the FRST, I got a message box saying the fix was completed and the log file is:

Joe => 111851543 B

RecycleBin => 1197060878 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-02-2018 17:45:17)

C:\Users\Joe\AppData\Local\lsnzvir => Could not move
C:\Users\Joe\AppData\Local\igfxmtc => Could not move

==== End of Fixlog 17:45:17 ====

 

Yipes.

Thanks again for all your help, MSG!



#12 JSntgRvr

Posted 23 February 2018 - 10:18 PM

We are having the same issue, and that is due to a FRST64 bug. Not the one in your computer, but the one you saved in the USB drive. Remember that the FRST64 in the USB drive must be downloaded on a clean computer and run at the time the computer boots to the Recovery Environment Command prompt. That's the run that will inactivate the rootkit. Once done, run the fix in Normal Mode, even if you have to run FRST64 from your USB drive, but in Normal mode. Let's see if that works.




#13 zzyzxx_x

Posted 24 February 2018 - 10:41 AM

OK MSG, I went through the entire exercise again. Here are the logs:

(An interesting side note - yesterday's download of FRST64 would not run in the recovery environment this morning. I tried several times and got the error "The subsystem needed to support the image type is not present". So I re-downloaded a fresh copy of FRST64, and that one ran OK.)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by SYSTEM on MININT-LJ49DR9 (24-02-2018 08:21:42)
Running from G:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2015-02-25] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295664 2014-12-08] (Lenovo Group Limited)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default\...\RunOnce: [] => [X]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\RunOnce: [] => [X]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] => C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Joe\...\Run: [AdobeBridge] => [X]
HKU\Joe\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [9143296 2011-11-23] (XemiComputers ltd.)
HKU\Joe\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1740800 2015-11-07] ()
HKU\Joe\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2910208 2011-03-21] (Locktime Software)
HKU\Joe\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_32ATI1NE.EXE [303312 2016-04-13] (Seiko Epson Corporation)
HKU\Joe\...\Policies\system: [DisableCMD] 0
HKU\Joe\...\Policies\system: [NoDispAppearancePage] 0
HKU\Joe\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Joe\...\Policies\system: [NoDispSettingsPage] 0
HKU\Joe\...\Policies\Explorer: []
HKU\Joe\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Joe\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Joe\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Joe\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Joe\...\Policies\Explorer: [NoFind] 0
HKU\Joe\...\Policies\Explorer: [NoFile] 0
HKU\Joe\...\Policies\Explorer: [HideClock] 0
HKU\Joe\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Joe\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Joe\...\Policies\Explorer: [NoSetFolders] 0
HKU\Joe\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Joe\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Joe\...\Policies\Explorer: [NoDFSTab] 0
HKU\Joe\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Joe\...\Policies\Explorer: [NoLogoff] 0
HKU\Joe\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Joe\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Joe\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Joe\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Joe\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Joe\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Joe\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Joe\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-25] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk [2015-08-08]
ShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"HKLM\System\ControlSet001\Services\ucpiamo" => removed successfully
C:\Windows\System32\drivers\raaosvyc.sys => moved successfully
"HKLM\System\ControlSet001\Services\udiskMgr" => removed successfully
C:\Users\Joe\AppData\Local\igfxmtc\igfxmtc.exe => moved successfully
C:\Users\Joe\AppData\Local\lsnzvir\lsnzvir.exe => moved successfully
C:\Users\Joe\AppData\Local\lsnzvir\psmbdwv.exe => moved successfully
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 AtollCalcSvr; C:\Program Files\Forsk\Atoll\AtollSvr.exe [636928 2013-11-21] (Forsk)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-01-29] (Lenovo.)
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
S2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [448512 2007-11-11] (Green Parrots Software)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197360 2014-12-08] (Lenovo Group Limited)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-14] (Panda Security, S.L.)
S2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3006.dll [49152 2018-01-31] (NOS Microsystems Ltd.)
S2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-25] ()
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-25] (Panda Security, S.L.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 2413E2F2; C:\Windows\system32\drivers\2413E2F2.sys [255928 2018-01-15] (Malwarebytes)
S4 3611E6F7; C:\Windows\System32\drivers\3611E6F7.sys [255928 2018-01-15] (Malwarebytes)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [88752 2016-10-04] ()
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-22] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-02-22] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-02-22] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-22] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-02-22] (Malwarebytes)
S2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2014-10-16] (Chingachguk & Denger2k (Elite & SP edition))
S1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [75032 2016-06-30] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [83824 2017-02-08] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-25] (NVIDIA Corporation)
S1 pefndis; C:\Windows\System32\DRIVERS\pefndis.sys [61104 2013-09-23] (Microsoft Corporation)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
S3 TISDCam; C:\Windows\System32\DRIVERS\tisdcam_4401.sys [111616 2011-07-01] (The Imaging Source Europe GmbH)
S3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-05-11] (USBPcap)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
S3 wfpcapture; C:\Windows\System32\Drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S0 Partizan; system32\drivers\Partizan.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 16:30 - 2018-02-24 06:32 - 002884096 _____ C:\Windows\System32\lsrmwhosvc.exe
2018-02-23 15:13 - 2018-02-23 15:14 - 007914600 _____ (Tim Kosse) C:\Users\Joe\Downloads\FileZilla_3.31.0_win64-setup.exe
2018-02-22 15:08 - 2018-02-22 15:08 - 000000000 ____D C:\ProgramData\MB3Migration
2018-02-22 15:08 - 2018-02-22 15:08 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-22 14:38 - 2018-02-24 08:21 - 000000000 ____D C:\Users\Joe\AppData\Local\lsnzvir
2018-02-22 14:38 - 2018-02-24 08:21 - 000000000 ____D C:\Users\Joe\AppData\Local\igfxmtc
2018-02-22 13:59 - 2018-02-22 14:01 - 000000000 ____D C:\AdwCleaner
2018-02-22 13:57 - 2018-02-22 13:57 - 008222496 _____ (Malwarebytes) C:\Users\Joe\Desktop\adwcleaner_7.0.8.0.exe
2018-02-22 12:45 - 2018-02-22 15:16 - 000002068 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-22 12:45 - 2018-02-22 13:12 - 000084256 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-02-22 12:45 - 2018-02-22 13:06 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-02-22 12:45 - 2018-02-22 13:06 - 000046008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-02-22 12:45 - 2018-02-22 12:45 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys
2018-02-22 12:45 - 2018-02-22 12:45 - 000193968 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-02-22 12:44 - 2018-02-22 12:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-22 12:44 - 2018-02-22 12:44 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-22 12:44 - 2018-02-22 12:30 - 083316440 _____ (Malwarebytes ) C:\Users\Joe\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-02-22 12:44 - 2017-11-29 08:11 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-02-22 12:20 - 2018-02-23 15:22 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-02-21 10:57 - 2018-02-21 10:57 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V8.url
2018-02-21 07:41 - 2018-02-21 07:41 - 000000000 ____D C:\Nokia
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\TCO Provisioning Tool.url
2018-02-21 07:08 - 2018-02-21 10:52 - 000000304 _____ C:\Users\Joe\Desktop\TCO Provisioning Tool.url
2018-02-20 19:39 - 2018-02-20 19:40 - 000019828 _____ C:\TDSSKiller.3.1.0.16_20.02.2018_20.39.46_log.txt
2018-02-20 19:39 - 2018-02-20 19:39 - 004944584 _____ (AO Kaspersky Lab) C:\Users\Joe\Downloads\tdsskiller.exe
2018-02-20 19:24 - 2018-02-20 19:25 - 000000000 ____D C:\Users\Joe\Desktop\bleeping
2018-02-20 19:03 - 2018-02-20 19:03 - 000071141 _____ C:\Users\Joe\Downloads\Addition.txt
2018-02-20 19:02 - 2018-02-20 19:03 - 000055244 _____ C:\Users\Joe\Downloads\FRST.txt
2018-02-20 19:01 - 2018-02-24 08:21 - 000000000 ____D C:\FRST
2018-02-20 19:00 - 2018-02-20 19:00 - 002403328 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe
2018-02-20 17:54 - 2018-02-20 17:54 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7462558F.sys
2018-02-15 10:46 - 2018-02-15 10:46 - 007906720 _____ (Tim Kosse) C:\Users\Joe\Downloads\FileZilla_3.30.0_win64-setup.exe
2018-02-11 18:41 - 2018-02-11 18:41 - 000000000 ____D C:\Users\Joe\Downloads\ptswxcel
2018-02-11 16:53 - 2018-02-11 16:53 - 011205832 _____ (Piriform Ltd) C:\Users\Joe\Downloads\ccsetup539.exe
2018-02-11 08:27 - 2018-02-11 08:27 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-02-11 06:37 - 2018-02-11 06:37 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\7227D6D6.sys
2018-02-08 12:39 - 2018-02-21 10:56 - 000000325 _____ C:\Users\Joe\Desktop\MctLauncher V7.url
2018-02-08 12:39 - 2018-02-21 10:52 - 000000252 _____ C:\Users\Joe\MctLauncher.url
2018-02-08 12:08 - 2018-02-08 12:08 - 000000000 ____D C:\Users\Joe\9500MPR-E
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000239 _____ C:\Users\Joe\Desktop\WT Performance Monitoring Suite - Offline Mode.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\WebEML.url
2018-02-08 11:45 - 2018-02-21 10:52 - 000000231 _____ C:\Users\Joe\Desktop\WebEML.url
2018-02-08 11:42 - 2018-02-21 10:56 - 000000000 ____D C:\Alcatel-Lucent
2018-02-08 11:40 - 2018-02-21 10:51 - 000000000 ____D C:\Users\Joe\jre7
2018-02-08 11:40 - 2018-02-08 11:40 - 000000000 ____D C:\Users\Joe\Downloads\Nokia
2018-02-05 07:27 - 2018-02-05 07:27 - 000000000 ____D C:\ProgramData\Samsung
2018-01-31 16:14 - 2018-01-31 16:28 - 507029504 _____ C:\Users\Joe\Downloads\3DB18971CKAAPMZZA01_9500MPR_R7.0_TCO_ANSI_Light.iso
2018-01-31 16:13 - 2018-01-31 16:13 - 000338744 _____ (NOS Microsystems Ltd.) C:\Users\Joe\Downloads\nplucent_installer.exe
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\ProgramData\NOS
2018-01-31 16:13 - 2018-01-31 16:13 - 000000000 ____D C:\Program Files (x86)\NOS
2018-01-29 17:53 - 2018-01-29 17:53 - 001591410 _____ C:\Users\Joe\Downloads\vert.zip
2018-01-29 17:48 - 2018-01-29 17:48 - 000266240 _____ (home) C:\Users\Joe\Downloads\discone2002.exe
2018-01-27 04:30 - 2018-01-27 04:30 - 000003454 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Thinkpad-Joe
2018-01-27 04:30 - 2018-01-27 04:30 - 000000040 ____H C:\E8BE00AD41C4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-24 07:15 - 2009-07-13 18:34 - 022806528 _____ C:\Windows\System32\config\HARDWARE
2018-02-24 06:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {B09CB636-7177-434A-9F8B-20FB6BC73F7A}.job
2018-02-24 06:46 - 2017-07-13 19:46 - 000000915 _____ C:\Windows\Tasks\EPSON SC-P400 Series Update {784E3173-BCB7-459D-9538-D62FCCDEF4FB}.job
2018-02-24 06:44 - 2016-11-18 06:09 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla
2018-02-24 06:40 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-24 06:40 - 2009-07-13 20:45 - 000034432 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-24 06:34 - 2015-06-17 15:11 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2018-02-24 06:33 - 2014-09-18 19:17 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Ditto
2018-02-24 06:32 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-24 06:13 - 2009-07-13 21:13 - 000880540 _____ C:\Windows\System32\PerfStringBackup.INI
2018-02-24 06:13 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-02-23 16:30 - 2013-02-15 07:09 - 000143944 _____ C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-23 15:16 - 2013-02-19 09:26 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FileZilla
2018-02-23 07:16 - 2017-10-05 07:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\LockAP
2018-02-22 13:50 - 2018-01-16 05:49 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-22 13:50 - 2017-06-13 17:55 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Temp
2018-02-22 13:49 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\GroupPolicy
2018-02-21 10:52 - 2013-02-15 07:08 - 000000000 ____D C:\users\Joe
2018-02-21 04:01 - 2018-01-15 14:48 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-20 17:51 - 2013-02-19 08:42 - 000000000 ____D C:\ProgramData\TEMP
2018-02-20 17:29 - 2014-02-14 14:47 - 000000000 ____D C:\Users\Joe\Desktop\Jewelry
2018-02-15 10:53 - 2017-07-07 18:11 - 000000000 ____D C:\Users\Joe\AppData\Local\FileZilla
2018-02-15 10:53 - 2014-09-30 19:30 - 000002141 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-02-15 10:53 - 2013-02-19 09:26 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-02-14 13:31 - 2017-11-17 08:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\pulse-sms
2018-02-11 16:58 - 2011-02-24 09:03 - 000000000 ____D C:\Windows\Panther
2018-02-11 08:27 - 2014-10-05 11:45 - 129365736 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-02-08 12:45 - 2013-09-02 16:59 - 000000600 _____ C:\Users\Joe\AppData\Local\PUTTY.RND
2018-02-06 09:50 - 2016-05-17 18:10 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-06 09:50 - 2013-02-15 07:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 09:50 - 2013-02-15 07:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 09:50 - 2013-02-15 07:27 - 000000000 ____D C:\Windows\System32\Macromed
2018-02-06 09:50 - 2013-01-28 14:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-05 07:40 - 2015-06-05 15:07 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-02-01 15:59 - 2013-02-15 07:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-01 06:22 - 2016-10-11 18:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-01-29 16:46 - 2018-01-03 09:17 - 000000000 ____D C:\Users\Joe\Downloads\RF-Stencils-Visio-v3a
2018-01-28 06:49 - 2015-03-07 09:28 - 000000000 ____D C:\Users\Joe\AppData\Roaming\qBittorrent
2018-01-28 06:02 - 2009-07-13 21:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-27 04:30 - 2013-02-15 07:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Adobe
2018-01-25 04:27 - 2013-10-22 05:50 - 000000000 ____D C:\ProgramData\Oracle
2018-01-25 04:24 - 2014-10-24 12:38 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-25 04:24 - 2013-06-22 09:10 - 000000000 ____D C:\Program Files (x86)\Java

Some files in TEMP:
====================
2018-02-23 16:45 - 2018-02-23 16:45 - 002403328 _____ (Farbar) C:\Users\Joe\AppData\Local\Temp\12C4.tmp.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 24142.79 MB
Available physical RAM: 22288.02 MB
Total Virtual: 24140.99 MB
Available Virtual: 22285.13 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:445.72 GB) (Free:250.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (SSD_2) (Fixed) (Total:465.74 GB) (Free:369.64 GB) exFAT
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF
Drive g: (Rage2) (Removable) (Total:117.9 GB) (Free:117.9 GB) exFAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM_DRV) (Fixed) (Total:1.41 GB) (Free:0.73 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 4840C815)
Partition 1: (Active) - (Size=1.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A0414B6E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 118 GB) (Disk ID: CA673D30)
Partition 1: (Active) - (Size=117.9 GB) - (Type=07 NTFS)

LastRegBack: 2018-02-17 07:18

==================== End of FRST.txt ============================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Joe (24-02-2018 08:26:28) Run:3
Running from F:\
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
Reg: Reg delete HKLM\System\ControlSet001\Services\udiskMgr /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\udiskMgr /f
C:\Windows\System32\Drivers\raasvzcf.sys
C:\Users\Joe\Downloads\vzskgguf.exe
FirewallRules: [{ACF63163-4075-4C0C-915D-EEF0644EAAFB}] => (Allow) LPort=3306
FirewallRules: [{41631664-76D2-4EAE-99FC-5B3794850428}] => (Allow) LPort=3306
FirewallRules: [{A2D23A5F-6356-44DA-81D3-D367E201375E}] => (Allow) LPort=8298
GroupPolicyScripts: Restriction <==== ATTENTION
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet\Services\ucpiamo /f
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
C:\Windows\system32\drivers\raavycfi.sys
C:\Windows\System32\lsrmwhosvc.exe
C:\Users\Joe\AppData\Local\lsnzvir
C:\Users\Joe\AppData\Local\igfxmtc
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\S-1-5-21-3290605264-3539594492-3422607212-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @IPC/npmedia3.0.0.2,version=3.0.0.2 -> C:\Program Files (x86)\webrec\Torch\3.0.0.2\npmedia3.0.0.2.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin HKU\S-1-5-21-3290605264-3539594492-3422607212-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> ?{85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> ?{305BC11B-5175-492B-B569-866547FCDA40} =>  -> No File
Task: {00637398-4C9F-42CB-BA1F-CD343BE36D72} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {39B6E69F-A045-42D4-AED9-7B4308586F63} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {737DE960-C004-4AB4-8BC0-760DA644E84B} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {785B7E0A-2322-4713-B5A3-7A9FC1C607B3} - \PMTask -> No File <==== ATTENTION
Task: {7CBE9303-0D71-44AB-AEA3-597526A906C7} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
Task: {7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} - \Lenovo\Lenovo Customer Feedback Program -> No File <==== ATTENTION
Task: {B9938876-3605-4583-894D-13EAB91A2238} - \{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} -> No File <==== ATTENTION
Task: {BCA36820-30F4-4601-915F-4F227C64FDC8} - \AutoKMS -> No File <==== ATTENTION
Task: {BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {EC09FFCD-A2ED-4932-996A-B24284160C29} - \DivXUpdate -> No File <==== ATTENTION
Task: {ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
S3 pmem; \??\C:\Users\Joe\AppData\Local\Temp\_MEI96602\drivers\winpmem64.sys [X] <==== ATTENTION
2018-02-14 16:06 - 2018-02-14 16:06 - 001353992 _____ () C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
2016-04-12 22:52 - 2016-04-12 22:52 - 000034816 _____ (Anritsu Company) C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll
2018-02-14 16:06 - 2018-02-14 16:06 - 009495368 _____ () C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe
2018-02-14 16:06 - 2018-02-14 16:06 - 000365712 _____ () C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe
2018-02-11 09:27 - 2018-02-11 09:27 - 040062624 _____ (Microsoft Corporation) C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe
MSCONFIG\startupreg: EPSON WorkForce 30 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SC49E.tmp" /EF "HKCU"
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACA & MEP 2018 Object Enabler (HKLM\...\{28B89EEF-1004-0000-5102-CF3F3A09B77D}) (Version: 8.0.40.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-1001-0000-3102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 (HKLM\...\{28B89EEF-1001-0000-0102-CF3F3A09B77D}) (Version: 22.0.72.0 - Autodesk) Hidden
AutoCAD 2018 Help - English (HKLM\...\{28B89EEF-1034-0409-0100-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 Language Pack - English (HKLM\...\{28B89EEF-1001-0409-1102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Boson NetSim 10 (HKLM-x32\...\{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}) (Version: 10.00.0000 - Boson Software, LLC) Hidden
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Nalpeiron License Management (HKLM-x32\...\{86148F87-2666-42F9-A712-1306176C525C}) (Version: 6.3.9.1 - Nalpeiron) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}) (Version: 8.91.00 - Panda Security) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UltraEdit (HKLM-x32\...\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.10.1016 - IDM Computer Solutions, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
WebViewer Plugin (HKLM-x32\...\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.1.0.03 - Samsung Techwin Co., Ltd.) Hidden
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:bod2d5mUXxd6W50voomOUcc [2084]
AlternateDataStreams: C:\Program Files\Common Files\System:siI39mETDBnl5KpX528X7MtojuWC [2418]
AlternateDataStreams: C:\ProgramData\Microsoft:hDOEORID3SsVZAjrh [2010]
AlternateDataStreams: C:\ProgramData\Microsoft:zDuZXVxkY9kCsgT2EH86B [2060]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [414]
AlternateDataStreams: C:\ProgramData\TEMP:5A775C3F [402]
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************


========= Reg delete HKLM\System\ControlSet001\Services\udiskMgr /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete HKLM\System\CurrentControlSet\Services\udiskMgr /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

"C:\Windows\System32\Drivers\raasvzcf.sys" => not found
"C:\Users\Joe\Downloads\vzskgguf.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACF63163-4075-4C0C-915D-EEF0644EAAFB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41631664-76D2-4EAE-99FC-5B3794850428}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2D23A5F-6356-44DA-81D3-D367E201375E}" => not found
"C:\Windows\system32\GroupPolicy\Machine" => not found

========= Reg delete HKLM\SYSTEM\CurrentControlSet\Services\ucpiamo /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

pmem => service not found.
"C:\Windows\system32\drivers\raavycfi.sys" => not found
C:\Windows\System32\lsrmwhosvc.exe => moved successfully
C:\Users\Joe\AppData\Local\lsnzvir => moved successfully
C:\Users\Joe\AppData\Local\igfxmtc => moved successfully

=========================  bcdedit ========================


An error occurred while attempting to delete the specified data element.
Element not found.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00637398-4C9F-42CB-BA1F-CD343BE36D72} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B6E69F-A045-42D4-AED9-7B4308586F63} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{737DE960-C004-4AB4-8BC0-760DA644E84B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{785B7E0A-2322-4713-B5A3-7A9FC1C607B3} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CBE9303-0D71-44AB-AEA3-597526A906C7} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9938876-3605-4583-894D-13EAB91A2238} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA36820-30F4-4601-915F-4F227C64FDC8} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC09FFCD-A2ED-4932-996A-B24284160C29} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DivXUpdate => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements => key not found
HKU\.DEFAULT\Software\Classes\exefile => key not found
HKU\.DEFAULT\Software\Classes\.exe => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe => key not found
"HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => not found
HKLM\Software\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found
"HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => not found
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found
HKLM\Software\Wow6432Node\MozillaPlugins\@IPC/npmedia3.0.0.2,version=3.0.0.2 => key not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\MozillaPlugins\intel.com/AppUp => key not found
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp => key not found
HKLM\Software\Classes\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending => key not found
HKLM\Software\Classes\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot => key not found
HKLM\Software\Classes\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared => key not found
HKLM\Software\Classes\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => key not found
HKLM\Software\Classes\CLSID\?{85BBD920-42A0-1069-A2E4-08002B30309D} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SugarSync => key not found
HKLM\Software\Classes\CLSID\?{305BC11B-5175-492B-B569-866547FCDA40} => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => key not found
HKLM\Software\Classes\CLSID\?{85BBD920-42A0-1069-A2E4-08002B30309D} => key not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SugarSync => key not found
HKLM\Software\Classes\CLSID\?{305BC11B-5175-492B-B569-866547FCDA40} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00637398-4C9F-42CB-BA1F-CD343BE36D72} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B6E69F-A045-42D4-AED9-7B4308586F63} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{737DE960-C004-4AB4-8BC0-760DA644E84B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{785B7E0A-2322-4713-B5A3-7A9FC1C607B3} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CBE9303-0D71-44AB-AEA3-597526A906C7} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E9031D6-4ABD-475D-A241-51D0A5C3DAB2} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9938876-3605-4583-894D-13EAB91A2238} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41F2CA6B-4AA9-4EF3-8B73-32CED7A0E7C2} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA36820-30F4-4601-915F-4F227C64FDC8} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDCE46C-86E3-4F1C-BF48-FB2DB87B2478} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC09FFCD-A2ED-4932-996A-B24284160C29} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DivXUpdate => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF4BF4C-C412-40AF-9674-5F349E8F9AC6} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements => key not found
pmem => service not found.
"C:\Users\Joe\AppData\Local\Temp\AnritsuUpdater_V1.06_Installer.exe" => not found
"C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe" => not found
"C:\Users\Joe\AppData\Local\Temp\LoadVisa.dll" => not found
"C:\Users\Joe\AppData\Local\Temp\LST_V1.68_Installer.exe" => not found
"C:\Users\Joe\AppData\Local\Temp\TB_V2.06_Installer.exe" => not found
"C:\Users\Joe\AppData\Local\Temp\E8D8.tmp.exe" => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON WorkForce 30 Series => key not found
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1004-0000-5102-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1001-0000-3102-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32C0D7B2-1046-43AC-98AD-B748E1910916}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1001-0409-2102-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1001-0000-0102-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1034-0409-0100-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1001-0409-1102-CF3F3A09B77D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB7EFCAE-611C-49F7-88AF-D91E3BCBF0C5}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{50F68032-B5B7-4513-9116-C978DBD8F27A}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-001F-0C0A-1000-0000000FF1CE}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86148F87-2666-42F9-A712-1306176C525C}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-001F-040C-1000-0000000FF1CE}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3F9548B2-0B34-4453-A92E-35056B053F19}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Panda Devices Agent\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{52F9D0C3-E6CF-4553-9013-8F2E834BD0B1}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6970C7E1-F99D-388D-8903-DF8FCE677FED}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6369D04-6B02-4C63-85C5-46C09D0787EE}\\SystemComponent" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A95671A-759E-3B83-B763-4289D1D24D73}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BA5762C7-D35F-4725-A4BD-525854127018}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{933B4015-4618-4716-A828-5289FC03165F}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}\\SystemComponent" => not found
"C:\Program Files\Common Files\Microsoft Shared" => ":bod2d5mUXxd6W50voomOUcc" ADS not found.
"C:\Program Files\Common Files\System" => ":siI39mETDBnl5KpX528X7MtojuWC" ADS not found.
"C:\ProgramData\Microsoft" => ":hDOEORID3SsVZAjrh" ADS not found.
"C:\ProgramData\Microsoft" => ":zDuZXVxkY9kCsgT2EH86B" ADS not found.
"C:\ProgramData\TEMP" => ":054203E4" ADS not found.
"C:\ProgramData\TEMP" => ":58A5270D" ADS not found.
"C:\ProgramData\TEMP" => ":5A775C3F" ADS not found.
HKU\.DEFAULT\Software\Classes\exefile => key not found
HKU\.DEFAULT\Software\Classes\.exe => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\exefile => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.exe => key not found
HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Classes\.scr => key not found

========= BCDEDIT /ENUM ALL =========


Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {148278f3-690e-11e2-bd2b-3c970e6dcee1}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
customactions           0x10000ba000001
                        0x54000001
custom:54000001         {864bac68-7781-11e2-a5c7-7ce9d3ea9647}
custom:5400000f         {864bac68-7781-11e2-a5c7-7ce9d3ea9647}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {864bac68-7781-11e2-a5c7-7ce9d3ea9647}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {148278f3-690e-11e2-bd2b-3c970e6dcee1}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {864bac68-7781-11e2-a5c7-7ce9d3ea9647}

Windows Boot Loader
-------------------
identifier              {864bac6a-7781-11e2-a5c7-7ce9d3ea9647}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{864bac6b-7781-11e2-a5c7-7ce9d3ea9647}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                  
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{864bac6b-7781-11e2-a5c7-7ce9d3ea9647}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {148278f3-690e-11e2-bd2b-3c970e6dcee1}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {864bac69-7781-11e2-a5c7-7ce9d3ea9647}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {864bac6b-7781-11e2-a5c7-7ce9d3ea9647}
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
MBAMChameleon         \Device\Mup                             400900       MBAMChameleon            0    
MBAMChameleon                                                 400900       MBAMChameleon            0    
MBAMChameleon         C:                                      400900       MBAMChameleon            0    
MBAMChameleon         E:                                      400900       MBAMChameleon            0    
MBAMChameleon         D:                                      400900       MBAMChameleon            0    
MBAMChameleon         F:                                      400900       MBAMChameleon            0    
PSINProc              \Device\Mup                             327620       PSINProc Instance        0    
PSINProc                                                      327620       PSINProc Instance        0    
PSINProc              C:                                      327620       PSINProc Instance        0    
PSINProc              E:                                      327620       PSINProc Instance        0    
PSINProc              D:                                      327620       PSINProc Instance        0    
PSINProc              F:                                      327620       PSINProc Instance        0    
PSINFile              \Device\Mup                             327610       PSINFile Instance        0    
PSINFile                                                      327610       PSINFile Instance        0    
PSINFile              C:                                      327610       PSINFile Instance        0    
PSINFile              E:                                      327610       PSINFile Instance        0    
PSINFile              D:                                      327610       PSINFile Instance        0    
PSINFile              F:                                      327610       PSINFile Instance        0    
luafv                 C:                                      135000       luafv                    0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              E:                                       45000       FileInfo                 0    
FileInfo              D:                                       45000       FileInfo                 0    
FileInfo              F:                                       45000       FileInfo                 0    

========= End of CMD: =========


========================= Folder: C:\Windows\System32\Drivers ========================

2009-07-13 17:06 - 2009-07-13 17:06 - 000068096 ____A [64EDD3F59DB321947969FDF1DD747323] (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000229888 ____A [A87D604AEA360176311474C87A63BB88] (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys
2018-01-15 17:05 - 2018-01-15 17:05 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\2413E2F2.sys
2018-01-15 16:28 - 2018-01-15 16:52 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\256376A1.sys
2018-01-15 16:11 - 2018-01-15 16:11 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\3611E6F7.sys
2018-01-16 08:19 - 2018-01-16 08:19 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\411CE2B9.sys
2018-01-15 21:12 - 2018-01-15 21:12 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\45159E84.sys
2013-02-15 11:23 - 2012-03-28 13:16 - 000216704 ____A [144D54704A881047AE1084C6F1163060] (Ricoh co.,Ltd.) C:\Windows\System32\Drivers\5U877.sys
2018-01-15 15:48 - 2018-01-15 15:48 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\6112C6E4.sys
2018-02-11 07:37 - 2018-02-11 07:37 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\7227D6D6.sys
2018-02-20 18:54 - 2018-02-20 18:54 - 000255928 ____A [BDFA7A13CC73B180BBDF1ABA280E1CF7] (Malwarebytes) C:\Windows\System32\Drivers\7462558F.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000334208 ____A [D81D9E70B8A6DD14D42D7B4EFA65D5F2] (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000012800 ____A [99F8E788246D495CE3794D7E7821D2CA] (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys
2009-06-10 13:36 - 2009-07-13 18:52 - 000491088 ____A [2F6B34B83843F0C5118B63AC634F5BF4] (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000339536 ____A [597F78224EE9224EA1A13D6350CED962] (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000182864 ____A [E109549C90F62FB570B9540C4B148E54] (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys
2014-10-05 12:41 - 2014-05-29 23:45 - 000497152 ____A [FA886682CFC5D36718D3E436AACF10B9] (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000060416 ____A [7ECFF9B22276B73F43A99A15A6094E90] (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2009-07-13 16:38 - 2009-07-13 18:52 - 000061008 ____A [608C14DBA7299D8CB6ED035A68A15799] (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000015440 ____A [5812713A477A3AD7363C7438CA2EE038] (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000015440 ____A [1FF8B4431C353CE385C875F194924C0C] (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000064512 ____A [7024F087CFF1833A806193EF9D22CDA9] (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000060928 ____A [1E56388B3FE0D031C44144EB8C4D6217] (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2011-12-08 14:06 - 2011-12-08 14:06 - 000107904 ____A [D4121AE6D0C0E7E13AA221AA57EF2D49] (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2009-06-10 13:37 - 2009-07-13 18:52 - 000194128 ____A [F67F933E79241ED32FF46A4F29B5120B] (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys
2011-12-08 14:06 - 2011-12-08 14:06 - 000027008 ____A [540DAF1CEA6094886D72126FD7C33048] (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2017-05-13 07:23 - 2017-02-09 09:03 - 000062464 ____A [B84DDCCB03A9CEDC1E90A88EDA5306DB] (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000087632 ____A [C484F8CEB1717C540242531DB7845C4E] (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys
2009-07-13 14:59 - 2009-07-13 18:52 - 000097856 ____A [019AF6924AEFE7839F61C830227FE79C] (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000023040 ____A [769765CE2CC62867468CEA93969B2242] (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000024128 ____A [02062C0B390B7729EDC9E69C680A6F3C] (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000155520 ____A [A34FE1E025E88798E746F484956C0720] (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 000270848 ____A [B5ACE6968304A3900EEB1EBFD9622DF2] (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60a.sys
2009-07-13 16:31 - 2009-07-13 18:52 - 000028240 ____A [F4DE2AE7A9E1BADAC70BC71EA2C17612] (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys
2013-01-28 15:15 - 2013-03-27 04:50 - 000170200 ____A [455EB0128FD08E07EACE0C6F754A3AAD] (Broadcom Corporation.) C:\Windows\System32\Drivers\bcbtums.sys
2013-01-28 15:15 - 2012-01-18 00:42 - 000056646 ____A [F85B70AA24F499F6F31CA496DB713244] () C:\Windows\System32\Drivers\BCM20702A1_001.002.014.0449.0462.hex
2009-07-13 17:00 - 2009-07-13 17:00 - 000006656 ____A [16A47CE2DECC9B099349A5F840654746] (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys
2009-07-13 16:35 - 2009-07-13 16:35 - 000045056 ____A [61583EE3C3A17003C4ACD0475646B4D3] (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys
2017-05-13 07:22 - 2016-10-05 07:54 - 000090112 ____A [ABA3984C822E4D3F889699912D85D6C5] (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2009-07-13 18:19 - 2009-06-10 13:41 - 000018432 ____A [F09EEE9EDC320B5E1501F749FDE686C8] (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000008704 ____A [B114D3098E9BDB8BEA8B053685831BE6] (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys
2009-07-13 18:05 - 2009-07-13 18:01 - 000095232 ____A [5C2F352A4E961D72518261257AAE204B] (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys
2009-07-13 18:19 - 2009-07-13 18:19 - 000286720 ____A [43BEA8D483BF1870F018E2D02E06A5BD] (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000047104 ____A [A6ECA2151B08A09CACECA35C07F05B42] (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000014976 ____A [B79968002C277E869CF38BD22CD61524] (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys
2009-07-13 18:20 - 2009-06-10 13:41 - 000014720 ____A [A87528880231C54E75EA7A44943B38BF] (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000041984 ____A [CF98190A94F62E405C8CB255018B2315] (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000072192 ____A [9DA669F11D1F894AB4EB69BF546A42E8] (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000118784 ____A [02DD601B708DD0667E1331FA8518E9FF] (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys
2013-02-15 10:05 - 2012-07-06 13:07 - 000552960 ____A [738D0E9272F59EB7A1449C3EC118E6C4] (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2011-12-08 13:57 - 2011-12-08 13:57 - 000080384 ____A [F188B7394D81010767B6DF3178519A37] (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2013-01-28 15:15 - 2012-12-04 04:38 - 000598808 ____A [96E22173FD0E2670A2A20C1EEECA162A] (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2015-04-18 16:44 - 2012-05-02 07:18 - 000184144 ____A [A771078558477068DFD8037B82EB00F8] (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2015-04-18 16:44 - 2012-03-06 12:29 - 000210984 ____A [9FF58F76024D25784755B01F926B00BE] (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2015-04-18 16:44 - 2011-09-18 01:38 - 000039976 ____A [B1ACFD00CDD13B48D86F46BFEC153BF9] (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2015-04-18 16:44 - 2012-03-06 12:29 - 000021544 ____A [EDD953D635F3AA89EF902E3F82D60D22] (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 000468480 ____A [3E5B191307609F7514148C6832BB0842] (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys
2009-07-13 16:19 - 2009-07-13 16:19 - 000092160 ____A [B8BD2BB284668C84865658C77574381A] (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys
2013-05-06 21:16 - 2011-10-17 03:00 - 000010224 ____N [F4C086E8E5AA8489E3476BCD40F7542D] (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2013-05-06 21:16 - 2011-10-17 03:00 - 000010224 ____N [C8EBA97A3C9B64282E8A57E909F1B390] (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000147456 ____A [F036CE71586E93D94DAB220D7BDF4416] (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys
2009-06-02 16:00 - 2009-06-02 16:00 - 000058368 ____A [37C29F723A1174B21E7CC6E66D7C2C37] (www.winchiphead.com) C:\Windows\System32\Drivers\CH341S64.SYS
2009-07-13 17:06 - 2009-07-13 17:06 - 000045568 ____A [D7CD5C4E1B71FA62050515314CFB52CF] (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000179072 ____A [ACFAD0B512226C7A83C7CB09FD55A9AD] (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000017664 ____A [0840155D0BDDF1190F84A663C284BD33] (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys
2009-07-13 16:19 - 2009-07-13 18:52 - 000017488 ____A [E19D3F095812725D88F9001985B94EDD] (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys
2017-05-13 07:23 - 2016-11-20 07:07 - 000467392 ____A [A98CED39AD91B445E2E442A9BD67E8B4] (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2009-07-13 16:31 - 2009-07-13 18:52 - 000021584 ____A [102DE219C3F61415F964C88E9085AD14] (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000038912 ____A [03EDB043586CCEBA243D689BDDA370A8] (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys
2009-07-13 17:01 - 2009-07-13 18:47 - 000039504 ____A [3E588B60EC061686BA05D33574A344C6] (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2009-07-13 17:01 - 2009-07-13 18:47 - 000024144 ____A [1C827878A998C18847245FE1F34EE597] (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000514560 ____A [54DA3DFD29ED9F1619B6F53F3CE55E49] (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys
2017-05-13 07:25 - 2016-09-08 07:55 - 000106496 ____A [9B38580063D281A99E68EF5813022A5F] (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2009-07-13 16:37 - 2009-07-13 16:37 - 000040448 ____A [13096B05847EC78F0977F2C0F79E9AB3] (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys
2009-07-13 16:19 - 2009-07-13 18:47 - 000073280 ____A [9819EEE8B5EA3784EC4AF3B137A5244C] (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys
2011-12-08 13:58 - 2011-12-08 13:58 - 000027520 ____A [9BBD8B5855BC6578957F82341F9CDE5A] (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000071168 ____A [5DB085A8A6600BE6401F2B24EECB5415] (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys
2014-04-20 18:05 - 2013-10-03 19:16 - 000116736 ____A [E0D3CD5841E5C7BE7B94BA946AF1E498] (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2009-07-13 17:06 - 2009-07-13 17:06 - 000005632 ____A [9B19F34400D24DF84C858A421C205754] (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2009-07-13 16:19 - 2009-07-13 18:47 - 000028736 ____A [839B5FE3D48E9F35B22C21A3D5103F6C] (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys
2009-07-13 16:21 - 2009-07-13 18:43 - 000055128 ____A [814DB88F2641691575A455CF25354098] (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000016896 ____A [BF24D6F2ED97FE830BFD52B246F98E67] (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000098816 ____A [FEDE0629ECB23650D48989517D4914DA] (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys
2014-10-05 12:41 - 2014-06-15 19:10 - 000985536 ____A [87CE5C8965E101CCCED1F4675557E868] (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-23 10:41 - 2013-04-09 23:01 - 000265064 ____A [1F04CFB79DD5FB7694468CE3FB3DCC31] (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-01-28 15:21 - 2015-01-29 06:07 - 000029512 ____A [3CE83D7EE95D9C9F03323810A2E747DF] (Lenovo.) C:\Windows\System32\Drivers\DZHDD64.SYS
2015-10-29 10:55 - 2015-10-29 10:55 - 000506880 ____A [B9D6EF0377E1B3D904B2977C0BC34A0A] (Intel Corporation) C:\Windows\System32\Drivers\e1c62x64.sys
2009-06-10 13:36 - 2009-07-13 18:47 - 000530496 ____A [0E5DA5369A0FCAEA12456DD852545184] (Emulex) C:\Windows\System32\Drivers\elxstor.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000009728 ____A [34A3C54752046E79A126E15C51DB409B] (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys
2009-06-10 13:34 - 2009-06-10 13:34 - 003286016 ____A [DC5D737F51BE844D8C82C695EB17372F] (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys
2009-07-13 16:23 - 2009-07-13 16:23 - 000195072 ____A [A510C654EC00C1E9BDD91EEB3A59823B] (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys
2018-02-22 13:45 - 2018-02-22 14:06 - 000110016 ____A [20046A5DB1466EBD0DCAEB84D00C5432] (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2013-01-28 15:26 - 2012-01-16 23:55 - 000070416 ____N [EB3A7D5663ACAC417DF986D4AEE12170] (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\Fastboot.sys
2009-07-13 16:23 - 2009-07-13 16:23 - 000204800 ____A [0ADC83218B66A6DB380C330836F3E36D] (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000029696 ____A [D765D19CD8EF61F650C384F62FAC00AB] (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys
2009-07-13 16:34 - 2009-07-13 18:47 - 000070224 ____A [655661BE46B5F5F3FD454E2C3095B930] (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys
2009-07-13 16:25 - 2009-07-13 16:25 - 000034304 ____A [5F671AB5BC87EEA04EC38A6CD5962A47] (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys
2009-07-13 17:00 - 2009-07-13 17:00 - 000024576 ____A [C172A0F53008EAEB8EA33FE10E177AF5] (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000289664 ____A [DA6B67270FD9DB3697B20FCE94950741] (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys
2013-01-28 15:05 - 2013-01-28 15:05 - 000023408 ____A [6BD9295CC032DD3077C671FCCF579A7B] (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2009-07-13 16:26 - 2009-07-13 18:47 - 000055376 ____A [D43703496149971890703B4B1B723EAC] (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys
2016-10-04 14:08 - 2016-10-04 14:08 - 000118160 ____A [62EC4CD5F2D14A2ECF21B163D7B70778] (Future Technology Devices International Ltd.) C:\Windows\System32\Drivers\ftdibus.sys
2016-10-04 14:11 - 2016-10-04 14:11 - 000088752 ____A [AFD2AF07AEC7177A73B736C5203E61CC] () C:\Windows\System32\Drivers\ftser2k.sys
2013-04-14 12:20 - 2013-01-23 23:01 - 000223752 ____A [8F6322049018354F45F05A2FD2D4E5E0] (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2014-10-05 12:41 - 2014-04-04 19:47 - 000288192 ____A [17F685B67C74B8F7BFED4308790B71DE] (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2009-07-13 16:38 - 2009-07-13 18:47 - 000065088 ____A [8C778D335C9D272CFD3298AB02ABE3B6] (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS
2013-02-21 21:36 - 2012-08-21 14:01 - 000033240 ____A [8E98D21EE06192492A5671A6144D092F] (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2009-06-10 13:30 - 2009-06-10 13:30 - 003440660 ____A [7F29903CB8F5590D52DB0C9F97049A25] () C:\Windows\System32\Drivers\gm.dls
2009-07-13 17:06 - 2009-07-13 17:06 - 000009728 ____A [B2E8E8CB557B156DA5493BBDDCC1474D] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2013-01-28 15:15 - 2013-07-18 01:43 - 000041984 ____A [13C8D4C52C6492E8B19AC39B301B0B55] (Intel Corporation) C:\Windows\System32\Drivers\USB3Ver.dll
2013-03-14 08:07 - 2013-02-11 21:12 - 000019968 ____A [92B3172E8C14C1444682F510843A9988] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-14 08:07 - 2013-02-11 21:12 - 000019968 ____A [7B28E2FBE75115660FAB31079C0A9F29] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2015-06-10 23:08 - 2015-06-10 23:08 - 000054784 ____A [F957092C63CD71D85903CA0D8370F473] (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2014-04-20 18:05 - 2013-07-12 03:40 - 000109824 ____A [B0435098C81D04CAFFF80DDB746CD3A2] (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000032896 ____A [292A8E03B3FCE04E39B5BE9B14132030] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000099840 ____A [91D3C92A44FC682DD791147604E79152] (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-04-20 18:05 - 2013-07-12 03:41 - 000100864 ____A [80B0F7D5CCF86CEB5D402EAAF61FEC31] (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000007808 ____A [1A13DCABD19D093B4D3949CE33EF1FA1] (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000053248 ____A [F7FFDF2A1D19A76A87759126B244C816] (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000343040 ____A [245FE7FC634D6A993E682E0A9EBA4ABB] (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000025600 ____A [C1A8966E0D09BFB501045105B30D86F2] (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-05-11 07:41 - 2017-05-11 07:41 - 000038456 ____A [76A4A8381FC8FCAB7A2B346B3A124E9A] (USBPcap) C:\Windows\System32\Drivers\USBPcap.sys
2014-04-20 18:06 - 2013-11-26 18:42 - 000325120 ____A [D7322DA647332AB0FA3809555BB04325] (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000025088 ____A [73188F58FB384E75C4063D29413CEE3D] (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000031744 ____A [C3EC945DEC43C00E2AD4C98DDDD064C7] (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2014-04-20 18:05 - 2013-07-02 21:40 - 000042496 ____A [9661DA76B4531B2DA272ECCE25A8AF24] (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2014-04-20 18:05 - 2013-08-28 18:29 - 000033280 ____A [B57B4F0BEC4270A281B9F8537EB2FA04] (Microsoft Corporation) C:\Windows\System32\Drivers\usbser.sys
2011-12-08 14:06 - 2011-12-08 14:06 - 000091648 ____A [FED648B01349A3C8395A5169DB5FB7D6] (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-04-20 18:06 - 2013-11-26 18:42 - 000030720 ____A [2E682DCE4319A90E02A327F8A427544A] (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-04-20 18:05 - 2013-07-12 03:41 - 000185344 ____A [1F775DA4CF1A3A1834207E975A72E9D7] (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2014-10-05 09:05 - 2014-09-09 17:29 - 000910920 ____A [BC72F198968C1D483435F29ACFAFEA78] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-09-09 17:27 - 2014-09-09 17:27 - 000142528 ____A [8FD4BE594B4247E534E5D7CADA47FF20] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-09-09 17:27 - 2014-09-09 17:27 - 000116296 ____A [BA25E5462C1FF0FD50D10FE6E8AC01BA] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSB.sys
2014-10-05 09:05 - 2014-09-09 17:27 - 000129168 ____A [97F31032ECA2AA9CD6F456ADEA27EDA4] (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2009-07-13 17:01 - 2009-07-13 18:45 - 000036432 ____A [C5C876CCFC083FF3B128F933823E87BD] (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 ____A [53E92A310193CB3C03BEA963DE7D9CFC] (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000029184 ____A [DA4DA3F5E02943C2DC8C6ED875DE68DD] (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000215936 ____A [2CE2DF28C83AEAF30084E1B1EB253CBB] (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000017488 ____A [E5689D93FFE4E5D66C0178761240DD54] (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2009-07-13 16:38 - 2009-07-13 16:38 - 000129024 ____A [E7353D59C9842BC7299FAEB7E7E09340] (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000199552 ____A [86EA3E79AE350FEA5331A1303054005F] (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000021760 ____A [7DE90B48F210D29649380545DB45A187] (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000006656 ____A [E60C0A09F997826C7627B244195AB581] (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000046464 ____A [7785DC213270D2FC066538DAF94087E7] (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000071552 ____A [D2AAFD421940F640B407AEFAAEBD91B0] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000363392 ____A [A255814907C89BE58B79EF2F189B843B] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000295808 ____A [0D08D2F3B3FF84E433346669B5E0F639] (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2009-06-10 13:37 - 2009-07-13 18:45 - 000161872 ____A [5E2016EA6EBACA03C04FEAC5F330D997] (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000024576 ____A [36D4720B72B5C5D9CB2B9C29E9DF67A1] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000059904 ____A [6A3D66263414FF0D6FA754C646612F3F] (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2009-07-13 17:07 - 2009-07-13 17:07 - 000017920 ____A [6A638FC4BFDDC4D9B186C28C91BD1A01] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2009-07-13 17:02 - 2009-07-13 17:02 - 000027776 ____A [4E9440F4F152A7B944CB1663D3935A3E] (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2010-11-20 20:24 - 2010-11-20 20:24 - 000088576 ____A [356AFD78A6ED4457169241AC3965230C] (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2009-07-13 16:37 - 2009-07-13 16:37 - 000042496 ____A [FC438D1430B28618E2D0C7C332A710AD] (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000021056 ____A [72889E16FF12BA0F235467D6091B17DC] (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2014-04-20 18:05 - 2013-06-25 15:55 - 000785624 ____A [E2C933EDBC389386EBE6D2BA953F43D8] (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-02-18 08:40 - 2012-07-25 21:55 - 000054376 ____A [AEA0A67275CFBA0E463E00C6E9A1DDAE] (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-09-23 12:51 - 2013-09-23 12:51 - 000060080 ____A [D562B77F402805459B8F113B9C4737A5] (Microsoft Corporation) C:\Windows\System32\Drivers\wfpcapture.sys
2009-07-13 17:09 - 2009-07-13 17:09 - 000012800 ____A [611B23304BF067451A9FDEE01FBDD725] (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2009-07-13 16:29 - 2009-07-13 18:45 - 000022096 ____A [05ECAEC3E4529A7153B3136CEB49F0EC] (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000052096 ____A [B4A1002206F6810EABC027DBBCE3B737] (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2010-11-20 20:23 - 2010-11-20 20:23 - 000041984 ____A [FE88B288356E7B47B74B13372ADD906D] (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2009-07-13 16:31 - 2009-07-13 16:31 - 000014336 ____A [F6FF8944478594D0E414D3F048F0D778] (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2009-07-13 16:19 - 2009-07-13 18:45 - 000016464 ____A [FC146F46872D4C5B529B89A5131FD1E6] (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2009-07-13 17:10 - 2009-07-13 17:10 - 000021504 ____A [6BCC1D7D2FD2453957C5479A32364E52] (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2009-07-13 17:39 - 2009-07-13 17:39 - 000023040 ____A [8D918B1DB190A4D9B1753A66FA8C96E8] (Microsoft Corporation) C:\Windows\System32\Drivers\WSDPrint.sys
2013-02-18 08:39 - 2012-07-25 19:26 - 000087040 ____A [AB886378EEB55C6C75B4F2D14B6C869F] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-02-18 08:39 - 2012-07-25 19:26 - 000198656 ____A [DDA4CAF29D8C0A297F886BFE561E6659] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2010-11-21 00:06 - 2017-05-19 13:31 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\en-US
2010-11-21 00:06 - 2010-11-21 00:06 - 000011776 ____A [54DB21D20958E3D690BCC9F85E760354] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\1394ohci.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000009216 ____A [32022C811A44B86FF45D20ACAB6D9BF6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\acpi.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014848 ____A [E6A5E6AD9C6F4F30061068F321C0EC5A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\afd.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [112E5E0E93886F5F4662F8AB16A41953] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\AGP440.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [431EEF89634DC46CCADD489A5E242D96] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdide.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 ____A [5A407CCC623EF4748FCFD65D8BF36E53] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdk8.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 ____A [02EF6091D3B2E3DD52148D69B084CC6A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdppm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [0AB55BC2F5C3B1F6DD41C4A8F2C598AE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ataport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [2990593CBE18904D5EC0D8D012F56BE0] (ATI Technologies Inc.) C:\Windows\System32\Drivers\en-US\atikmdag.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007168 ____A [39C77D306B5BC4EE5B84F257BD8C11D4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\battc.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000025600 ____A [D33E31F95C553085F8F008269716AE3C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bfe.dll.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [19772EAF65F4DC67D258A0204BDF53BB] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrParwdm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 ____A [E2D40298D837850BE3D3ED553D557916] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerIb.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 ____A [FFFAE2F485EE4846D3926D8143DC52D0] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerId.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [996AD950DC5511CAC3E23887F36D00CE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthenum.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 ____A [9F6C0ED8C73E45B8B39E93C4F19EC51D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthpan.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007680 ____A [E811F270074C90EFFB62E26419C5A478] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [427AFD042BF91F651AAAF2F8333946D3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BTHUSB.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [E4AD0963F2B4C256C9B752809FF5A17D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\cdrom.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [E113E3358247C4399ACAA9394A13CAC1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\disk.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [4DF602FA4237A02CFBA5443807ACE756] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\Dot4usb.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005120 ____A [9F29D656CAA5CB37DC988FC1B0899728] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fltmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 ____A [F376F1DB8D6B5C7D4AACA77016547269] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fvevol.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [F800E677010DCCC1D1F3DD80C1208ADD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\GAGP30KX.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 ____A [CF9ED88D2707FB6175D56A8EEF56AE2A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hdaudbus.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [C9AFAE18805C92774E55D85C34687D98] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\HdAudio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [6289F615503FABB5721E885F76C21094] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidbth.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000032256 ____A [E7385B794486432C74CA8CBEAE1E957C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\http.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 ____A [7932917F9F40083310D3C597CA89138A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\i8042prt.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 ____A [A9DAE67F67C8736EAB89BE629A100134] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\intelppm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 ____A [32E82AD8C30775AF16F8FCB6B233768E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IPMIDrv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [13121C32919056A572109E59591E3DD1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ipnat.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [095EE8818E7CFEEFCA144737D5EE7EC5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\isapnp.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 ____A [07E46CC39BDC4296D798560E248C4C8F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdclass.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [7776875C8810B7995B7F8935A73C5675] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdhid.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 ____A [09654F384E8F48403AFEED23EC29D98A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\luafv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [B9D5D5C08D86E45933607821949F64A3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\modem.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 ____A [586AF4C75447643EA998E7AFE717F6B3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouclass.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [A15D1C07F7CF3AF5F8595187D7B2D7BA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouhid.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [838D30D5F14F004544A4A139CA5EB95D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mountmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000026624 ____A [5824985855E951FD7081EDA73014159F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mpio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005632 ____A [21DDE99325EE591D56E838F65372FCDC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\msdsm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [21AD775A1C84C086E630D3C8BEE807FF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mssmbios.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [CD483881C9EEAA0A092BADB0E9E31D44] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\MTConfig.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000035328 ____A [C3DB52AAA8F7FBE7BB48BBE1552FD9D4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndis.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005632 ____A [0E5C3B2A88938BFA39A3660525EED627] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndiscap.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [82364E6C73DE7B0D9A14ED696663691D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndisuio.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000059904 ____A [826CC149F7AE403090D8EE13421907D3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ntfs.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [402C5F373E3348172A21E2C4E47FE9A5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NV_AGP.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000013824 ____A [4A911620A8D4A92B4829088313262C65] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\nwifi.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000011776 ____A [FCF1928FC42F3FF495AABBF531925912] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ohci1394.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000015360 ____A [FE8EE46359CCA5797116E999AC9027E8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pacer.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [1897DD879E564636B62C7438BEDD7ED8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\parport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [5B7B4A639557BCCBF6CFB19D01CED6F6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\partmgr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000008192 ____A [852A0E7E335D7403456C5493C3602DFA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pci.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 ____A [C4179FB59F7C58207724DD200A50A623] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pcmcia.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [A32BF5D2ABCE0A52AC08759883100FA1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pnpmem.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [FD3DC59E253F1588CFDC984A08D5AB06] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\portcls.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000014336 ____A [12EE9100FC4EE882DC9D807518EA456F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\processr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [9AE150B07FBB235F7DD98B016B728245] (SCM Microsystems, Inc.) C:\Windows\System32\Drivers\en-US\pscr.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [EBF10A20E41E54D35E24BB1477B3790A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\qwavedrv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004608 ____A [836EC1DA853C3CC5AFA72FF1C56FECC1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdbss.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [6289416B950764322B45E9C55A5645B4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rdpwd.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [0A86155D9CF13C36C1C11097895B7D23] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\RNDISMP.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [69A5BEFB6D15DB21FEA9ACC7E514B29E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismp6.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [0A86155D9CF13C36C1C11097895B7D23] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\rndismpx.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [68A170329824FD91839D15DA6CB616C8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scfilter.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [67BDCDBBB8FB81865DCDB07142471C81] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\scsiport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000010240 ____A [28FDCD5276E588B1C82E8390C331A672] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serial.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000005120 ____A [EC3DB882F53F67457701F2674E16A255] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\sermouse.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [531E4F70FCD5D5A278EAB6E2D1849847] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\serscan.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [8B900D6E6253E72975747D40F0B4CE4D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\srv.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000044032 ____A [147A70680DFE10726938C932C529C500] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tcpip.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 ____A [3D6B1FE4ABBF448D3A51075B7291E4BD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tpm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [21F72D8267B7CADE3A734212E5B6B8B4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tsusbflt.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000007680 ____A [00D0ADEB9470F4E73C675F4271579AEE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\tunnel.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [258EE691A306B61FD78F6EA2AE68EC4D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\UAGP35.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [0603331E5CCDC80476C869C22AB49CEC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ULIAGPKX.SYS.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003072 ____A [B1EF6396D59394A839242635B193C19D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\umbus.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000011776 ____A [293E4A13C5D84CC4AF49EF3DC1CF1EA2] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbhub.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000024576 ____A [DC9385D41849D0D7E357B34E3C157B52] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbport.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [A477495EDAB1FC652C3E7F48D9879E61] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\usbrpm.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [B6CBD22F79E099E7B9C7AD30B0EB3E33] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vdrvroot.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000003584 ____A [9EA0366724437C0448BC242C90D073BF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vhdmp.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [8B43588430EBA0E1C4C6B2909B3FA616] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volmgrx.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000023552 ____A [308E04CFA8407B0C7099C9D40BC19023] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\volsnap.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [AC0CDAA74A6DF9FA99D39BA5E3E32852] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\vwifibus.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000004096 ____A [4820660F8636CA590F6DDE44037C240A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wacompen.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [29F6CD4D49286520658A9F8257DB95ED] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wd.sys.mui
2013-02-18 08:40 - 2012-07-25 21:47 - 000002560 ____A [986A09DC5E1645ED4733065547DCC5DD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\wdf01000.sys.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000002048 ____A [FA13EB401D8A26D185C6D0B2AA1427E5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ws2ifsl.sys.mui
2009-07-13 20:20 - 2018-02-23 17:28 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\etc
2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 ____A [3688374325B992DEF12793500307566D] () C:\Windows\System32\Drivers\etc\~hosts
2009-07-13 19:34 - 2012-11-16 12:56 - 000306052 ____A [207B3DE8596ABC5DFA840489ABCC962F] () C:\Windows\System32\Drivers\etc\~hosts (2)
2009-07-13 19:34 - 2018-02-23 17:28 - 000000035 ____A [90C8F3BA7DB5CB3562298C2E11C97C52] () C:\Windows\System32\Drivers\etc\hosts
2018-01-16 06:50 - 2018-01-15 15:43 - 000306189 ____A [1DBA3AB50516FFE63668A81B6F7B1FE2] () C:\Windows\System32\Drivers\etc\hosts.old
2009-07-13 19:35 - 2009-06-10 14:00 - 000003683 ____A [18413B90E1B291EC3E777A845C37CFEE] () C:\Windows\System32\Drivers\etc\lmhosts.sam
2009-07-13 19:34 - 2009-06-10 14:00 - 000000407 ____A [B65A1232FB4B35827CE7C5E2F8EC8947] () C:\Windows\System32\Drivers\etc\networks
2009-07-13 19:34 - 2009-06-10 14:00 - 000001358 ____A [7700D22FA108234E623D65FA72D9E29C] () C:\Windows\System32\Drivers\etc\protocol
2009-07-13 19:34 - 2009-06-10 14:00 - 000017463 ____A [D9E1A01B480D961B7CF0509D597A92D6] () C:\Windows\System32\Drivers\etc\services
2009-07-13 20:20 - 2013-11-18 18:37 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF
2012-08-08 12:16 - 2012-08-08 12:16 - 001014440 ____A [94EB4CB0E760EC2808176D6C85B9091F] (AuthenTec) C:\Windows\System32\Drivers\UMDF\SETAC65.tmp
2013-02-27 14:12 - 2013-02-27 14:12 - 001014880 ____A [837FEE8B64939C0EF26E399E74036968] (AuthenTec) C:\Windows\System32\Drivers\UMDF\tcwbf.dll
2009-07-13 17:21 - 2009-07-13 18:41 - 000299520 ____A [91D6F0AB79AA36FFB932157865206F35] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdFs.dll
2009-07-13 17:22 - 2009-07-13 18:41 - 001195008 ____A [C97BBC1F50B859CD729DD8FED715CCB1] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\WpdMtpDr.dll
2010-07-13 11:29 - 2010-07-13 11:29 - 001093632 ____A [8336EC0880989B921024C451BE9264BD] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\ZuneDriver.dll
2010-11-21 00:06 - 2010-11-21 00:06 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\UMDF\en-US
2010-11-21 00:06 - 2010-11-21 00:06 - 000002560 ____A [5D15B0705E707F02D71B9547007D2727] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WpdMtpDr.dll.mui
2010-11-21 00:06 - 2010-11-21 00:06 - 000006144 ____A [930D103D5C3BE0F6074C67C0F3296602] (Microsoft Corporation) C:\Windows\System32\Drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui

====== End of Folder: ======


========= Reg query "HKLM\SYSTEM\Select" =========


HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x2



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3290605264-3539594492-3422607212-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5893045 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2843 B
Edge => 0 B
Chrome => 0 B
Firefox => 7637569 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Joe => 6189235 B

RecycleBin => 0 B
EmptyTemp: => 26.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:27:26 ====



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:43 AM

Posted 24 February 2018 - 01:27 PM

I believe this time we got it.

Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 zzyzxx_x

zzyzxx_x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:43 AM

Posted 24 February 2018 - 04:35 PM

Yes, I think it's gone. No more "client" applications running, and no more mysterious network usage :)

 

Here's the RogueKiller log:

 

RogueKiller V12.12.5.0 (x64) [Feb 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joe [Administrator]
Started from : C:\Users\Joe\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 02/24/2018 13:55:55 (Duration : 00:21:05)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Babylon -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3290605264-3539594492-3422607212-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] smq49ua9.default : user_pref("browser.search.defaultenginename", "DuckDuckGo HTTP"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-SOLID3 +++++
--- User ---
[MBR] 280703731007ee2be460fec227128794
[BSP] 367202a9a5a7680bf5a7cf5f94be63b5 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1443 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2955960 | Size: 456417 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung Portable SSD T5 +++++
--- User ---
[MBR] 21eeb046bc6191733ecd44e4177c9a7a
[BSP] be609fb886169a51e9124466edbd3f03 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

The AdwCleaner didn't leave a log; however, when it completed, a pop-up window said something to the effect of "Nothing found!"

 

Thanks again for your help with this. Great work!

I was absolutely dreading the thought of re-installing Windows...you saved the day, err, week!

 





