Blue screens, blocked sites, random site closures


  • This topic is locked
23 replies to this topic

#1 sh4rkbyt31

sh4rkbyt31

  • Members
  • 27 posts

Posted 21 February 2018 - 04:42 PM

I'm not sure what's going on at this point. Been happening for almost a month intermittently and now has become a regular issue. Experienced the title listed issues and then replaced the motherboard thinking it may be something electrical. I regularly scan my drives with Malwarebytes, Eset Nod32, and a few other programs. Recently only found one item but am still experiencing weird things going on.

Included is my FRST64 scan results:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by Gemini IV (administrator) on GEMINIIV-PC (21-02-2018 16:28:52)
Running from L:\
Loaded Profiles: Gemini IV (Available Profiles: Gemini IV)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\DAODx.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\FAHClient\FAHClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\FAHClient\FAHCoreWrapper.exe
() C:\Users\Gemini IV\AppData\Roaming\FAHClient\cores\fahwebx.stanford.edu\cores\Win32\AMD64\NVIDIA\Fermi\Core_21.fah\FahCore_21.exe
() C:\Program Files (x86)\FAHClient\FAHCoreWrapper.exe
() C:\Users\Gemini IV\AppData\Roaming\FAHClient\cores\fahwebx.stanford.edu\cores\Win32\AMD64\AVX\Core_a7.fah\FahCore_a7.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-19] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-01-28] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILOE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-12-12] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-12-12] (Garmin Ltd. or its subsidiaries)
IFEO\bd_advisor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\consumer_cpl.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\foxitreader.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lcore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediaespresso.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediashow6.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerbackup.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ps.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\readysharevault.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wddriveutilities.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wdsecurity.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-11-10]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17122FF1-0017-44FD-8686-938296993877}: [DhcpNameServer] 172.16.42.1
Tcpip\..\Interfaces\{9C100BA6-B061-4C46-B05A-D56643A2177D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A38814FF-D7E7-4033-851B-500EE7F521D0}: [NameServer] 208.67.222.222,208.67.220.230
Tcpip\..\Interfaces\{A38814FF-D7E7-4033-851B-500EE7F521D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3833649738-2791359992-3759682749-1000 -> {36F7F8E3-BD30-4af3-B9F8-0CF355A38D82} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-3833649738-2791359992-3759682749-1000 -> {D44BF8BE-6D97-4d1b-8821-BD74F40C5BE0} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-28] (AVAST Software)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-28] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640 [2018-02-21]
FF Extension: (Avast Passwords) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-21]
FF Extension: (Avast SafePrice) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\sp@avast.com.xpi [2018-02-21]
FF Extension: (Avast Online Security) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\wrc@avast.com.xpi [2017-11-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-01] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-23] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3833649738-2791359992-3759682749-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-01-28] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-01-28] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7650600 2018-01-28] (AVAST Software)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1134608 2017-12-12] (Garmin Ltd. or its subsidiaries)
S4 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
S4 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-23] (NVIDIA Corporation)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [192944 2018-01-28] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [190440 2018-01-28] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-01-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-01-28] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-01-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459952 2018-01-28] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205464 2018-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379448 2018-01-28] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 epp; C:\EEK\bin64\epp.sys [124552 2017-04-22] (Emsisoft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-05-09] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-12-19] (Logitech Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2016-12-19] (Logitech Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-21] (Malwarebytes)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-04-05] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-01-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-06-06] (BitDefender S.R.L.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [107872 2015-06-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [107872 2015-06-06] (Zemana Ltd.)
S2 AODDriver4.2; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-21 16:28 - 2018-02-21 16:28 - 000000000 ____D C:\FRST
2018-02-21 12:09 - 2018-02-21 12:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-02-21 11:15 - 2018-02-21 11:15 - 008222496 _____ (Malwarebytes) C:\Users\Gemini IV\Desktop\adwcleaner_7.0.8.0.exe
2018-02-19 22:02 - 2018-02-19 22:03 - 000000000 ____D C:\Users\Gemini IV\Desktop\GE-7 Pedal
2018-02-19 20:59 - 2018-02-19 21:00 - 000000000 ____D C:\Users\Gemini IV\Desktop\85mm
2018-02-19 19:45 - 2018-02-21 16:05 - 000516152 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-12 17:05 - 2018-02-12 17:05 - 000000000 ____D C:\Program Files (x86)\ASM106xSATA
2018-02-12 17:04 - 2018-02-12 17:04 - 012707908 _____ C:\Users\Gemini IV\Desktop\Asmedia_Win7-8-81-10_V1340-2080-3160.zip
2018-02-12 17:04 - 2018-02-12 17:04 - 000000000 ____D C:\Users\Gemini IV\Desktop\Asmedia_Win7-8-81-10_V1340-2080-3160
2018-02-12 17:03 - 2018-02-12 17:03 - 000000000 ____D C:\Users\Gemini IV\Desktop\Asmedia_USB3_XPVistaWin7-8-81_VER116120
2018-02-12 17:03 - 2018-02-12 17:03 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2018-02-12 17:02 - 2018-02-12 17:02 - 005500868 _____ C:\Users\Gemini IV\Desktop\Asmedia_USB3_XPVistaWin7-8-81_VER116120.zip
2018-02-12 16:59 - 2018-02-12 16:59 - 000000000 ____D C:\Program Files (x86)\AMD APP
2018-02-12 16:59 - 2018-02-12 16:58 - 000058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2018-02-12 16:58 - 2018-02-12 16:58 - 000016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2018-02-12 16:58 - 2018-02-12 16:58 - 000000000 ____D C:\Program Files\ATI Technologies
2018-02-12 16:58 - 2018-02-12 16:58 - 000000000 ____D C:\Program Files\ATI
2018-02-12 16:57 - 2018-02-12 16:57 - 000000000 ____D C:\Users\Gemini IV\Desktop\AMD_Chipset_XPVistaWin7_8_V8973_V901
2018-02-12 16:49 - 2018-02-12 16:55 - 944709898 _____ C:\Users\Gemini IV\Desktop\AMD_Chipset_XPVistaWin7_8_V8973_V901.zip
2018-01-28 10:01 - 2018-01-28 10:01 - 000058080 _____ C:\Users\Gemini IV\Desktop\bca29f20-1037-11e8-b1b7-53a32e7d9dad_image-1229.cf.webp
2018-01-28 09:11 - 2018-01-28 09:11 - 003384642 _____ C:\Users\Gemini IV\Desktop\CROSSHAIR-V-FORMULA-Z-ASUS-2201.zip
2018-01-28 08:56 - 2018-01-28 08:56 - 000000000 ____D C:\Users\Gemini IV\ansel
2018-01-28 08:53 - 2018-01-28 08:53 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-01-28 08:53 - 2018-01-28 08:53 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-28 08:53 - 2018-01-23 17:42 - 000137712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-01-28 08:53 - 2017-11-02 15:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-01-28 08:53 - 2017-11-02 15:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-01-28 08:53 - 2017-11-02 15:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-01-28 08:53 - 2017-11-02 15:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-01-28 08:51 - 2018-01-23 19:19 - 040269808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 035359216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 035180016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 027940336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 022583576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 019795824 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 019686704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 018738544 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 017309584 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-01-28 08:51 - 2018-01-23 19:19 - 016450056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 015415776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 013444552 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 012842984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 011026080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 004376344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 003904496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 003874544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 003433776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 001976120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439077.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 001673616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439077.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 001134768 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 001125872 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 001054280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000987960 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000939312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000616432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000528128 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000492048 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000447240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-01-28 08:51 - 2018-01-23 19:19 - 000171712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000149736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000132256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-01-28 08:51 - 2018-01-23 19:19 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-01-28 08:51 - 2018-01-23 19:19 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-01-28 08:51 - 2018-01-23 19:19 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-01-28 08:29 - 2018-01-28 08:29 - 000380768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-01-28 08:25 - 2018-01-28 08:48 - 408328472 _____ (NVIDIA Corporation) C:\Users\Gemini IV\Desktop\390.77-desktop-win8-win7-64bit-international-whql.exe
2018-01-28 08:24 - 2018-01-28 08:24 - 000000000 ____D C:\Program Files\Intel
2018-01-28 08:24 - 2013-02-07 08:17 - 000544568 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2018-01-28 08:24 - 2006-01-13 06:52 - 000001904 ____N C:\Windows\system32\SetupBD.din
2018-01-28 08:20 - 2018-01-28 08:21 - 000000000 ____D C:\New folder
2018-01-28 07:57 - 2018-01-28 07:57 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\ATI
2018-01-28 07:57 - 2018-01-28 07:57 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\ATI
2018-01-28 07:53 - 2018-01-28 07:53 - 000000000 ____D C:\Program Files (x86)\Creative
2018-01-28 07:52 - 2018-01-28 07:59 - 000001769 _____ C:\Windows\Language_trs.ini
2018-01-28 07:52 - 2018-01-28 07:59 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-01-28 07:52 - 2018-01-28 07:52 - 000029169 _____ C:\Windows\Ascd_tmp.ini
2018-01-28 07:52 - 2018-01-28 07:52 - 000000000 ____D C:\Windows\System32\Tasks\ASUS
2018-01-26 19:03 - 2018-01-26 19:05 - 008206624 _____ (Malwarebytes) C:\Users\Gemini IV\Desktop\adwcleaner_7.0.7.0.exe
2018-01-24 10:45 - 2018-02-21 15:33 - 000003472 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-GeminiIV-PC-Gemini IV
2018-01-22 10:54 - 2018-01-29 19:41 - 000000000 ____D C:\Users\Gemini IV\Desktop\Zenfolio
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-21 16:11 - 2009-07-14 00:13 - 000006210 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-21 16:11 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-21 16:11 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-21 16:07 - 2017-04-05 19:15 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\NETGEARGenie
2018-02-21 16:06 - 2016-11-14 15:30 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\FAHClient
2018-02-21 16:06 - 2015-04-06 16:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-21 16:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-02-21 16:05 - 2017-11-17 17:41 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-21 16:05 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-21 15:47 - 2016-12-17 14:23 - 000000000 ____D C:\Users\Gemini IV\AppData\LocalLow\Mozilla
2018-02-21 15:34 - 2017-02-13 12:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-21 15:33 - 2017-12-10 00:03 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-12-10 00:03 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-12-10 00:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-10-24 12:06 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-02-21 15:33 - 2017-10-18 20:22 - 000003150 _____ C:\Windows\System32\Tasks\{0C212DC2-9503-4187-A6F4-44CC693F2F5B}
2018-02-21 15:33 - 2017-07-15 17:21 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-07-15 17:21 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-07-15 17:21 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-07-15 17:21 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2017-07-15 17:21 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-21 15:33 - 2016-03-24 16:54 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-21 15:33 - 2016-03-24 16:54 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-21 15:33 - 2015-12-03 10:05 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-02-21 15:33 - 2015-07-25 10:01 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-21 14:18 - 2016-06-15 14:27 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\CrashDumps
2018-02-21 14:18 - 2015-11-04 23:41 - 000000000 ____D C:\Windows\Minidump
2018-02-21 14:18 - 2015-05-11 09:56 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\TeamViewer
2018-02-21 14:18 - 2015-04-06 16:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-21 13:25 - 2015-04-06 16:38 - 000000000 ____D C:\EEK
2018-02-21 11:55 - 2015-05-07 11:45 - 008390656 _____ C:\Users\Gemini IV\Desktop\C5FZ.CAP
2018-02-21 11:16 - 2015-04-14 21:06 - 000000000 ____D C:\AdwCleaner
2018-02-19 18:25 - 2015-04-06 16:27 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\NVIDIA
2018-02-18 12:29 - 2015-07-25 10:01 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-12 18:40 - 2017-04-22 12:32 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Gemini IV\Desktop\esetonlinescanner_enu.exe
2018-01-28 10:36 - 2018-01-10 15:52 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FAHClient
2018-01-28 10:36 - 2018-01-10 15:52 - 000000000 ____D C:\Program Files (x86)\FAHClient
2018-01-28 10:36 - 2017-04-05 19:15 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
2018-01-28 10:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-01-28 08:58 - 2015-12-10 03:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-28 08:56 - 2017-12-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-28 08:56 - 2015-04-06 16:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-28 08:56 - 2015-03-30 20:04 - 000000000 ____D C:\Users\Gemini IV
2018-01-28 08:54 - 2017-12-10 00:07 - 000001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-01-28 08:54 - 2015-04-06 16:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-28 08:54 - 2015-04-06 16:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-28 08:29 - 2017-11-10 17:20 - 000192944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000459952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000379448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000205464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000110328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000084368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-01-28 08:29 - 2017-05-08 11:57 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-01-28 08:29 - 2017-03-18 09:09 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-01-28 08:28 - 2017-12-21 14:16 - 000190440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-01-28 08:28 - 2017-05-08 11:57 - 001026696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-01-28 08:18 - 2015-03-30 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2018-01-28 08:18 - 2015-03-30 20:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-01-28 07:58 - 2015-03-30 20:12 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-01-28 07:49 - 2017-11-10 17:21 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2018-01-28 07:38 - 2017-05-08 11:57 - 000001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-26 17:25 - 2017-12-18 20:26 - 000000000 ____D C:\Users\Gemini IV\Desktop\2017
2018-01-26 10:57 - 2017-02-14 17:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-23 19:19 - 2017-12-21 14:24 - 010900432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-01-23 19:19 - 2017-12-21 14:24 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-01-23 19:19 - 2017-12-10 00:03 - 002424904 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-01-23 19:19 - 2017-12-10 00:03 - 002090056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-01-23 19:19 - 2017-12-10 00:03 - 001309256 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-01-23 19:19 - 2017-08-12 17:38 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-01-23 19:19 - 2017-08-03 15:00 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-01-23 19:19 - 2017-07-15 17:21 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-01-23 19:19 - 2017-07-15 17:19 - 000187704 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-01-23 19:19 - 2017-07-15 17:19 - 000152976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-01-23 19:19 - 2015-04-06 16:21 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-01-23 17:57 - 2016-06-01 13:26 - 000633328 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-01-23 17:57 - 2016-06-01 13:26 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-01-23 17:57 - 2015-04-06 16:22 - 005950024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-01-23 17:57 - 2015-04-06 16:22 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-01-23 17:57 - 2015-04-06 16:22 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-01-23 17:57 - 2015-04-06 16:22 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-01-23 17:57 - 2015-04-06 16:22 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-01-23 14:01 - 2017-12-21 14:15 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-23 14:01 - 2017-12-21 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-23 14:01 - 2015-08-28 13:22 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-22 00:46 - 2015-04-06 16:22 - 007947791 _____ C:\Windows\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2016-07-13 12:35 - 2016-07-13 12:35 - 000001456 _____ () C:\Users\Gemini IV\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-05-08 23:01 - 2017-02-14 15:33 - 000007597 _____ () C:\Users\Gemini IV\AppData\Local\resmon.resmoncfg
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-20 11:27
 
==================== End of FRST.txt ============================




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 21 February 2018 - 07:17 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

  • Highlight the entire content of the quote box below.

Start::  
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
2018-01-28 07:52 - 2018-01-28 07:52 - 000029169 _____ C:\Windows\Ascd_tmp.ini
2018-01-23 19:19 - 2017-12-10 00:03 - 001309256 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
IFEO\bd_advisor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\consumer_cpl.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\foxitreader.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lcore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediaespresso.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediashow6.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerbackup.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ps.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\readysharevault.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wddriveutilities.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wdsecurity.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Image: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Image: AdwCleaner delete/restart prompt]
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 sh4rkbyt31

sh4rkbyt31
  • Topic Starter

  • Members
  • 27 posts
  • Local time:02:18 PM

Posted 21 February 2018 - 08:30 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by Gemini IV (21-02-2018 20:19:30) Run:1
Running from C:\Users\Gemini IV\Desktop
Loaded Profiles: Gemini IV (Available Profiles: Gemini IV)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
2018-01-28 07:52 - 2018-01-28 07:52 - 000029169 _____ C:\Windows\Ascd_tmp.ini
2018-01-23 19:19 - 2017-12-10 00:03 - 001309256 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
IFEO\bd_advisor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\consumer_cpl.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\foxitreader.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\lcore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediaespresso.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mediashow6.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerbackup.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\ps.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\readysharevault.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wddriveutilities.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\wdsecurity.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
C:\Windows\Ascd_tmp.ini => moved successfully
C:\Windows\system32\NvRtmpStreamer64.dll => moved successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bd_advisor.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\consumer_cpl.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\effectextractor.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\foxitreader.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\groove.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\infopath.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lcore.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mediaespresso.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mediashow6.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msaccess.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mstore.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\olrsubmission.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenote.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pdvdlaunchpolicy.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerbackup.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\prefutil.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ps.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\readysharevault.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\steam.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wddriveutilities.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wdsecurity.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe" => removed successfully
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
aswSP                 C:                                      388401       aswSP Instance           0    
aswSP                 J:                                      388401       aswSP Instance           0    
aswSP                 K:                                      388401       aswSP Instance           0    
aswSP                                                         388401       aswSP Instance           0    
aswSP                 L:                                      388401       aswSP Instance           0    
epp                   \Device\Mup                             328900       epp Instance             0    
epp                   C:                                      328900       epp Instance             0    
epp                   J:                                      328900       epp Instance             0    
epp                   K:                                      328900       epp Instance             0    
epp                                                           328900       epp Instance             0    
epp                   L:                                      328900       epp Instance             0    
aswMonFlt             \Device\Mup                             320700       aswMonFlt Instance       0    
aswMonFlt             C:                                      320700       aswMonFlt Instance       0    
aswMonFlt             J:                                      320700       aswMonFlt Instance       0    
aswMonFlt             K:                                      320700       aswMonFlt Instance       0    
aswMonFlt                                                     320700       aswMonFlt Instance       0    
aswMonFlt             L:                                      320700       aswMonFlt Instance       0    
aswSnx                \Device\Mup                             137600       aswSnx Instance          0    
aswSnx                C:                                      137600       aswSnx Instance          0    
aswSnx                J:                                      137600       aswSnx Instance          0    
aswSnx                K:                                      137600       aswSnx Instance          0    
aswSnx                                                        137600       aswSnx Instance          0    
aswSnx                L:                                      137600       aswSnx Instance          0    
luafv                 C:                                      135000       luafv                    0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              J:                                       45000       FileInfo                 0    
FileInfo              K:                                       45000       FileInfo                 0    
FileInfo                                                       45000       FileInfo                 0    
FileInfo              L:                                       45000       FileInfo                 0    
 
========= End of CMD: =========
 
 
========================= Folder: C:\Windows\System32\Drivers ========================
 
2009-06-10 15:37 - 2009-07-13 20:45 - 001524816 ____A [A53A15A11EBFD21077463EE2C7AFEEF0] (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2009-07-13 16:59 - 2009-07-13 20:45 - 000128592 ____A [4F6D12B51DE1AAEFF7DC58C4D75423C8] (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2009-07-13 19:09 - 2009-07-13 19:09 - 000046592 ____A [76707BB36430888D9CE9D705398ADB6C] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2009-07-13 19:10 - 2009-07-13 19:10 - 000014848 ____A [5A0DA8AD5762FA2D91678A8A01311704] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2015-03-31 20:59 - 2010-11-20 05:52 - 000129536 ____A [471815800AE33E6F1C32FB1B97C490CA] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2009-07-13 19:10 - 2009-07-13 19:10 - 000092672 ____A [855C9B1CD4756C5E9A2AA58A15F58C25] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2015-03-31 20:59 - 2010-11-20 05:52 - 000111104 ____A [F92A2C41117A11A00BE01CA01A7FCDE9] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2009-07-13 19:10 - 2009-07-13 19:10 - 000083968 ____A [E8B1E447B008D07FF47D016C2B0EEECB] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2015-03-31 20:59 - 2010-11-20 04:27 - 000309248 ____A [77F665941019A1594D887A74F301FA2F] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2009-07-13 19:17 - 2009-07-13 19:17 - 000024064 ____A [302DA2A0539F2CF54D7C6CC30C1F2D8D] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2009-07-13 19:16 - 2009-07-13 19:16 - 000007680 ____A [CEA6CC257FC9B7715F1C2B4849286D24] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2015-03-31 20:59 - 2010-11-20 06:06 - 000165888 ____A [1B6163C503398B23FF8B939C67747683] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2009-07-13 19:16 - 2009-07-13 19:16 - 000007680 ____A [BB5971A4F00659529A5C44831AF22365] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2009-07-13 19:16 - 2009-07-13 19:16 - 000008192 ____A [216F3FA57533D98E1F74DED70113177A] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2015-07-21 23:49 - 2015-06-11 12:15 - 000020992 ____A [065F79543D7999EC28B687F87E96B803] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2015-04-06 16:38 - 2014-07-16 20:21 - 000212480 ____A [FE571E088C2D83619D2D48D4E961BF41] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2015-03-31 20:59 - 2010-11-20 08:33 - 000213888 ____A [34ED295FA0121C241BFEF24764FC4520] (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2017-08-12 17:08 - 2015-11-05 04:53 - 000146944 ____A [5BD6B1EC997FF3DD779D62E05D2079A8] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-04-06 16:41 - 2012-07-04 15:26 - 000041472 ____A [0E01641D96889BDEB22DE12D30575B08] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2009-07-13 19:10 - 2009-07-13 19:10 - 000011264 ____A [388D3DD1A6457280F3BADBA9F3ACD6B1] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2009-07-13 19:08 - 2009-07-13 19:08 - 000076800 ____A [DDC86E4F8E7456261E637E3552E804FF] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2015-03-30 20:23 - 2011-09-29 04:30 - 000646248 ____A [7F4F11527AF5A7E4526CB6A146B3E40C] (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2014-12-11 14:15 - 2014-12-11 14:15 - 001489244 ____A [4D7640083EA0598B1D036B441B35F136] () C:\Windows\System32\Drivers\RTAIODAT.DAT
2014-12-11 14:15 - 2014-12-11 14:15 - 004351960 ____A [CC279B89A16615B8DD13422544F6B478] (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2014-12-11 14:15 - 2014-12-11 14:15 - 005804772 ____A [7D7FBC9504575D97885A858EA93684F5] () C:\Windows\System32\Drivers\rtvienna.dat
2015-03-31 20:59 - 2010-11-20 08:33 - 000103808 ____A [AC03AF3329579FFFB455AA2DAABBE22B] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2015-03-31 20:59 - 2010-11-20 05:09 - 000029696 ____A [253F38D0D7074C02FF8DEB9836C97D2B] (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2015-03-31 20:59 - 2010-11-20 08:33 - 000171392 ____A [1B1E264203D4EF9D3DA1987AD70355AB] (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2009-07-13 21:36 - 2009-06-10 15:37 - 000023040 ____A [3EA8A16169C26AFBEB544E0E48421186] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2009-07-13 19:00 - 2009-07-13 19:00 - 000023552 ____A [CB624C0035412AF0DEBEC78C41F5CA1B] (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2009-07-13 19:00 - 2009-07-13 19:00 - 000094208 ____A [C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] (Brother Industries Ltd.) C:\Windows\System32\Drivers\serial.sys
2009-07-13 19:00 - 2009-07-13 19:00 - 000026624 ____A [1C545A7D0691CC4A027396535691C3E3] (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2009-07-13 19:01 - 2009-07-13 19:01 - 000014336 ____A [A554811BCD09279536440C964AE35BBF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2009-07-13 19:01 - 2009-07-13 19:01 - 000013824 ____A [FF414F0BAEFEBA59BC6C04B3DB0B87BF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2015-03-31 20:59 - 2010-11-20 05:34 - 000014336 ____A [DD85B78243A19B59F0637DCF284DA63C] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2009-07-13 19:01 - 2009-07-13 19:01 - 000016896 ____A [A9D601643A1647211A1EE2EC4E433FF4] (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2009-06-10 15:37 - 2009-07-13 20:45 - 000043584 ____A [843CAF1E5FDE1FFD5FF768F23A51E2E1] (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2009-07-13 16:59 - 2009-07-13 20:45 - 000080464 ____A [6A6C106D42E9FFFF8B9FCB4F754F6DA4] (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2008-08-14 05:48 - 2008-08-14 05:48 - 000024064 ____A [01ACB9228C303DE1FFF82B807D28B2B0] (Creative Technology Ltd.) C:\Windows\System32\Drivers\skfiltv.sys
2009-07-13 19:09 - 2009-07-13 19:09 - 000093184 ____A [548260A7B8654E024DC30BF8A7C5BAA4] (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2009-07-13 19:00 - 2009-07-13 19:00 - 000020992 ____A [A80348BA03E96C70852959655CA3E084] (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2009-07-13 15:27 - 2009-07-13 20:45 - 000019008 ____A [B9E31E5CACDFE584F34F730A677803F9] (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2009-06-10 15:48 - 2009-06-10 15:48 - 000426496 ____A [FFF95479C7AB1550F0750A5D01744211] (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2017-08-12 17:19 - 2017-04-05 09:55 - 000460800 ____A [546C81F238F084A393EC54114741A0A8] (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-08-12 17:19 - 2017-04-05 09:55 - 000405504 ____A [431D2B06E8F93EAEC53E8FA37FCFF2F1] (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-08-12 17:19 - 2017-04-05 09:55 - 000168960 ____A [42EDAB3E3E8E25C7093674936C2DB4BD] (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2016-09-05 04:47 - 2016-09-05 04:47 - 000131712 ____A [9593475FBC857A05D93BFF4FA7323C2B] (Samsung Electronics Co., Ltd.) C:\Windows\System32\Drivers\ssudbus.sys
2016-09-05 04:47 - 2016-09-05 04:47 - 000165504 ____A [592FF34A2FD6C6351B8A3AA76B2C0A9E] (Samsung Electronics Co., Ltd.) C:\Windows\System32\Drivers\ssudmdm.sys
2009-07-13 16:59 - 2009-07-13 20:45 - 000024656 ____A [F3817967ED533D08327DC73BC4D5542A] (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2015-04-06 16:40 - 2014-02-03 21:35 - 000190912 ____A [A3F0BC5897F9D3786A3CB695B163633A] (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000034688 ____A [D34E4943D5AC096C8EDEEBFD80D76E23] (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys
2015-06-11 16:56 - 2015-04-10 22:19 - 000069888 ____A [36E0DDD19038C92B7C7709BFA03F813F] (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2009-07-13 19:00 - 2009-07-13 20:45 - 000012496 ____A [D01EC09B6711A5F8E7E6564A4D0FBC90] (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2009-07-13 19:01 - 2009-07-13 19:01 - 000029184 ____A [6E316C01CBA8B785FE495F5CC4F48C6F] (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2017-08-12 17:19 - 2017-05-29 23:56 - 001895656 ____A [7FB36A0A036ADDACE0A868E4A43C1C27] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2017-08-12 17:17 - 2016-07-07 10:08 - 000046080 ____A [7FE5586314EE7D6AA8483264A089E5AF] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2015-03-31 20:59 - 2010-11-20 04:22 - 000026624 ____A [6F020A220388ECA0AB6062DC27BD16B6] (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2009-07-13 19:16 - 2009-07-13 19:16 - 000015872 ____A [3371D21011695B16333A3934340C4E7C] (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2015-04-06 16:22 - 2012-02-16 23:57 - 000023552 ____A [51C5ECEB1CDEE2468A1748BE550CFBC8] (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-08-12 17:18 - 2017-07-29 09:56 - 000117248 ____A [4DD986720F7CB7A8A5D1226793097B9A] (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2015-03-31 20:59 - 2010-11-20 08:33 - 000063360 ____A [561E7E1F06895D78DE991E01DD0FB6E5] (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2015-06-06 19:10 - 2015-06-06 19:10 - 000350160 ____A [B66EE1D68197DFB9AA24F961E68ACDCC] (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2015-04-06 16:38 - 2014-07-16 20:21 - 000039936 ____A [E232A3B43A894BB327FC161529BD9ED1] (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2015-03-31 20:59 - 2010-11-20 06:07 - 000059392 ____A [D11C783E3EF9A3C52C0EBE83CC5000E9] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2015-03-31 20:59 - 2010-11-20 05:51 - 000125440 ____A [3566A8DAAFA27AF944F5D705EAA64894] (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2009-07-13 18:38 - 2009-07-13 20:45 - 000064080 ____A [B4DD609BD7E282BFC683CEC7EAAAAD67] (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2015-03-31 20:59 - 2010-11-20 04:26 - 000328192 ____A [FF4232A1A64012BAA1FD97C7B67DF593] (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2009-07-13 18:38 - 2009-07-13 20:45 - 000064592 ____A [4BFE1BC28391222894CBF1E7D0E42320] (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2015-03-31 20:59 - 2010-11-20 05:44 - 000048640 ____A [DC54A574663A895C8763AF0FA1FF7561] (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2009-07-13 19:06 - 2009-07-13 19:06 - 000009728 ____A [B2E8E8CB557B156DA5493BBDDCC1474D] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2015-04-06 16:41 - 2013-02-11 23:12 - 000019968 ____A [92B3172E8C14C1444682F510843A9988] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2015-04-06 16:41 - 2013-07-12 05:40 - 000109824 ____A [B0435098C81D04CAFFF80DDB746CD3A2] (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2015-03-31 20:59 - 2010-11-20 05:44 - 000032896 ____A [292A8E03B3FCE04E39B5BE9B14132030] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000099840 ____A [28B81917A195B67617AF7DCF4DFE5736] (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2015-04-06 16:41 - 2013-07-12 05:41 - 000100864 ____A [80B0F7D5CCF86CEB5D402EAAF61FEC31] (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000007808 ____A [614A71B78C6807D95A30A89B5A69669A] (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000056320 ____A [B626F048318DAE65A3317F0592BE592C] (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2018-02-12 16:59 - 2018-02-12 16:58 - 000058536 ____A [504901430B6E03B99EBB6BF26E0868C6] (Advanced Micro Devices) C:\Windows\System32\Drivers\usbfilter.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000343552 ____A [390109E8E05BA00375DCB1ED64DC60AF] (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000025600 ____A [B4DF0F4C1D9D25DFE1DAD1D8670F1D4F] (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2017-08-12 17:08 - 2016-08-16 15:40 - 000327168 ____A [43F6BED028FA27D3F3CE852EDBBE0F81] (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2009-07-13 19:38 - 2009-07-13 19:38 - 000025088 ____A [73188F58FB384E75C4063D29413CEE3D] (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2015-03-31 20:59 - 2010-11-20 06:37 - 000031744 ____A [C3EC945DEC43C00E2AD4C98DDDD064C7] (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2015-04-06 16:41 - 2013-07-02 23:40 - 000042496 ____A [9661DA76B4531B2DA272ECCE25A8AF24] (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2017-08-12 17:08 - 2016-02-03 13:07 - 000091648 ____A [D029DD09E22EB24318A8FC3D8138BA43] (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2017-08-12 17:08 - 2016-08-16 15:40 - 000030720 ____A [CFEAAF96E666E3DCBD8F6DFF516784AE] (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2009-07-13 19:01 - 2009-07-13 20:45 - 000036432 ____A [C5C876CCFC083FF3B128F933823E87BD] (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2009-07-13 18:38 - 2009-07-13 18:38 - 000029184 ____A [53E92A310193CB3C03BEA963DE7D9CFC] (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2009-07-13 18:38 - 2009-07-13 18:38 - 000029184 ____A [DA4DA3F5E02943C2DC8C6ED875DE68DD] (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000215936 ____A [2CE2DF28C83AEAF30084E1B1EB253CBB] (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2009-07-13 18:19 - 2009-07-13 20:45 - 000017488 ____A [E5689D93FFE4E5D66C0178761240DD54] (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2009-07-13 18:38 - 2009-07-13 18:38 - 000129024 ____A [E7353D59C9842BC7299FAEB7E7E09340] (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000199552 ____A [86EA3E79AE350FEA5331A1303054005F] (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys
2015-03-31 20:59 - 2010-11-20 04:57 - 000021760 ____A [7DE90B48F210D29649380545DB45A187] (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys
2015-03-31 20:59 - 2010-11-20 04:57 - 000006656 ____A [E60C0A09F997826C7627B244195AB581] (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000046464 ____A [7785DC213270D2FC066538DAF94087E7] (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000071552 ____A [D2AAFD421940F640B407AEFAAEBD91B0] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2017-08-12 17:18 - 2017-07-07 10:33 - 000363752 ____A [85C5468BC395819AE2A0C747334BA14C] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2015-03-31 20:59 - 2010-11-20 08:34 - 000295808 ____A [0D08D2F3B3FF84E433346669B5E0F639] (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2009-06-10 15:37 - 2009-07-13 20:45 - 000161872 ____A [5E2016EA6EBACA03C04FEAC5F330D997] (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2009-07-13 19:07 - 2009-07-13 19:07 - 000024576 ____A [36D4720B72B5C5D9CB2B9C29E9DF67A1] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2009-07-13 19:07 - 2009-07-13 19:07 - 000059904 ____A [6A3D66263414FF0D6FA754C646612F3F] (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2009-07-13 19:07 - 2009-07-13 19:07 - 000017920 ____A [6A638FC4BFDDC4D9B186C28C91BD1A01] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2015-07-25 20:57 - 2012-10-12 02:20 - 000081312 ____A [2F4B66BAB9F4C9D0FF4FCAA6D8888991] (Wacom Technology) C:\Windows\System32\Drivers\wachidrouter.sys
2009-07-13 19:02 - 2009-07-13 19:02 - 000027776 ____A [4E9440F4F152A7B944CB1663D3935A3E] (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2015-07-25 20:58 - 2012-10-12 02:54 - 000015776 ____A [366669F53F8CAF96AF9264EF9BC95084] (Wacom Technology) C:\Windows\System32\Drivers\wacomrouterfilter.sys
2015-03-31 20:59 - 2010-11-20 05:52 - 000088576 ____A [356AFD78A6ED4457169241AC3965230C] (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2009-07-13 18:37 - 2009-07-13 18:37 - 000042496 ____A [FC438D1430B28618E2D0C7C332A710AD] (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2009-07-13 18:19 - 2009-07-13 20:45 - 000021056 ____A [72889E16FF12BA0F235467D6091B17DC] (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2015-04-30 00:01 - 2015-04-30 00:01 - 000023200 ____A [D0335A55E5C3F812548E18300C2ACB62] (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam64.sys
2016-08-05 10:34 - 2016-08-05 10:34 - 000023200 ____A [CC46CB1B492D69A5EF554F807DA01729] (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam64_prewin8.sys
2015-04-06 16:41 - 2013-06-25 17:55 - 000785624 ____A [E2C933EDBC389386EBE6D2BA953F43D8] (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2015-04-06 16:41 - 2012-11-28 17:56 - 000054376 ____A [AEA0A67275CFBA0E463E00C6E9A1DDAE] (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2009-07-13 19:09 - 2009-07-13 19:09 - 000012800 ____A [611B23304BF067451A9FDEE01FBDD725] (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2009-07-13 18:29 - 2009-07-13 20:45 - 000022096 ____A [05ECAEC3E4529A7153B3136CEB49F0EC] (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2015-03-31 20:59 - 2010-11-20 08:33 - 000052096 ____A [B4A1002206F6810EABC027DBBCE3B737] (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys
2015-03-31 20:59 - 2010-11-20 05:43 - 000041984 ____A [FE88B288356E7B47B74B13372ADD906D] (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys
2009-07-13 18:31 - 2009-07-13 18:31 - 000014336 ____A [F6FF8944478594D0E414D3F048F0D778] (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2009-07-13 18:19 - 2009-07-13 20:45 - 000016464 ____A [FC146F46872D4C5B529B89A5131FD1E6] (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2009-07-13 19:10 - 2009-07-13 19:10 - 000021504 ____A [6BCC1D7D2FD2453957C5479A32364E52] (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2015-04-06 19:09 - 2012-07-25 21:26 - 000087040 ____A [AB886378EEB55C6C75B4F2D14B6C869F] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2015-04-06 19:09 - 2012-07-25 21:26 - 000198656 ____A [DDA4CAF29D8C0A297F886BFE561E6659] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2015-06-06 18:10 - 2015-06-06 18:10 - 000107872 ____A [D4A10447FDAFF7A001715191C1F914B6] (Zemana Ltd.) C:\Windows\System32\Drivers\zam64.sys
2015-06-06 18:10 - 2015-06-06 18:10 - 000107872 ____A [D4A10447FDAFF7A001715191C1F914B6] (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2009-07-14 00:37 - 2017-08-13 07:02 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\en-US
2009-07-14 00:35 - 2009-07-13 21:29 - 000011776 ____A [54DB21D20958E3D690BCC9F85E760354] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\1394ohci.sys.mui
2009-07-14 00:35 - 2009-07-13 21:23 - 000009216 ____A [32022C811A44B86FF45D20ACAB6D9BF6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\acpi.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000014848 ____A [E6A5E6AD9C6F4F30061068F321C0EC5A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\afd.sys.mui
2009-07-14 00:35 - 2009-07-13 21:25 - 000002560 ____A [112E5E0E93886F5F4662F8AB16A41953] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\AGP440.sys.mui
2009-07-14 00:35 - 2009-07-13 21:25 - 000002048 ____A [431EEF89634DC46CCADD489A5E242D96] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdide.sys.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000014336 ____A [5A407CCC623EF4748FCFD65D8BF36E53] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdk8.sys.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000014336 ____A [02EF6091D3B2E3DD52148D69B084CC6A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdppm.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000003072 ____A [0AB55BC2F5C3B1F6DD41C4A8F2C598AE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ataport.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000003072 ____A [2990593CBE18904D5EC0D8D012F56BE0] (ATI Technologies Inc.) C:\Windows\System32\Drivers\en-US\atikmdag.sys.mui
2009-07-14 00:35 - 2009-07-13 21:27 - 000007168 ____A [39C77D306B5BC4EE5B84F257BD8C11D4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\battc.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000025600 ____A [D33E31F95C553085F8F008269716AE3C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bfe.dll.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000002560 ____A [19772EAF65F4DC67D258A0204BDF53BB] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrParwdm.sys.mui
2009-07-14 00:35 - 2009-07-13 21:25 - 000010240 ____A [E2D40298D837850BE3D3ED553D557916] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerIb.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000010240 ____A [FFFAE2F485EE4846D3926D8143DC52D0] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerId.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000002048 ____A [996AD950DC5511CAC3E23887F36D00CE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthenum.sys.mui
2009-07-14 00:35 - 2009-07-13 21:27 - 000004608 ____A [9F6C0ED8C73E45B8B39E93C4F19EC51D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthpan.sys.mui
2009-07-14 00:35 - 2009-07-13 21:27 - 000007680 ____A [E811F270074C90EFFB62E26419C5A478] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthport.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000002560 ____A [427AFD042BF91F651AAAF2F8333946D3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BTHUSB.SYS.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000002048 ____A [E4AD0963F2B4C256C9B752809FF5A17D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\cdrom.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000002048 ____A [E113E3358247C4399ACAA9394A13CAC1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\disk.sys.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000002560 ____A [4DF602FA4237A02CFBA5443807ACE756] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\Dot4usb.sys.mui
2009-07-14 00:35 - 2009-07-13 21:23 - 000005120 ____A [9F29D656CAA5CB37DC988FC1B0899728] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fltmgr.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000014336 ____A [F376F1DB8D6B5C7D4AACA77016547269] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fvevol.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000002560 ____A [F800E677010DCCC1D1F3DD80C1208ADD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\GAGP30KX.SYS.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000004096 ____A [CF9ED88D2707FB6175D56A8EEF56AE2A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hdaudbus.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000003072 ____A [C9AFAE18805C92774E55D85C34687D98] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\HdAudio.sys.mui
2009-07-14 00:35 - 2009-07-13 21:24 - 000003072 ____A [6289F615503FABB5721E885F76C21094] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidbth.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000032256 ____A [E7385B794486432C74CA8CBEAE1E957C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\http.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000010240 ____A [7932917F9F40083310D3C597CA89138A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\i8042prt.sys.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000014336 ____A [A9DAE67F67C8736EAB89BE629A100134] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\intelppm.sys.mui
2015-03-31 20:59 - 2010-11-20 08:11 - 000006144 ____A [32E82AD8C30775AF16F8FCB6B233768E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IPMIDrv.sys.mui
2009-07-14 00:35 - 2009-07-13 21:23 - 000003584 ____A [13121C32919056A572109E59591E3DD1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ipnat.sys.mui
2009-07-14 00:35 - 2009-07-13 21:30 - 000003584 ____A [095EE8818E7CFEEFCA144737D5EE7EC5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\isapnp.sys.mui
2015-03-31 20:59 - 2010-11-20 08:10 - 000004608 ____A [07E46CC39BDC4296D798560E248C4C8F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdclass.sys.mui
2009-07-14 00:35 - 2009-07-13 21:24 - 000002560 ____A [7776875C8810B7995B7F8935A73C5675] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdhid.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000006144 ____A [09654F384E8F48403AFEED23EC29D98A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\luafv.sys.mui
2009-07-14 00:35 - 2009-07-13 21:28 - 000003584 ____A [B9D5D5C08D86E45933607821949F64A3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\modem.sys.mui
2009-07-14 00:35 - 2009-07-13 21:26 - 000004096 ____A [586AF4C75447643EA998E7AFE717F6B3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouclass.sys.mui
2009-07-14 00:35 - 2009-07-13 21:24 - 000002560 ____A [A15D1C07F7CF3AF5F8595187D7B2D7BA] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mouhid.sys.mui
2017-08-12 17:18 - 2015-07-15 13:02 - 000002560 ____A [DCB0BF8BEDF446B36EE1A77C0D86F31F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mountmgr.sys.mui
2009-07-14 00:35 - 2009-07-13 21:27 - 000026624 ____A [5824985855E951FD7081EDA73014159F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mpio.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000005632 ____A [21DDE99325EE591D56E838F65372FCDC] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\msdsm.sys.mui
2009-07-14 00:35 - 2009-07-13 21:24 - 000003072 ____A [21AD775A1C84C086E630D3C8BEE807FF] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\mssmbios.sys.mui
2009-07-14 00:35 - 2009-07-13 21:27 - 000002560 ____A [CD483881C9EEAA0A092BADB0E9E31D44] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\MTConfig.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000035328 ____A [C3DB52AAA8F7FBE7BB48BBE1552FD9D4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndis.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000005632 ____A [0E5C3B2A88938BFA39A3660525EED627] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndiscap.sys.mui
2009-07-14 00:35 - 2009-07-13 21:23 - 000003072 ____A [82364E6C73DE7B0D9A14ED696663691D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ndisuio.sys.mui
2009-07-14 00:35 - 2009-07-13 21:26 - 000059904 ____A [826CC149F7AE403090D8EE13421907D3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ntfs.sys.mui
2009-07-14 00:35 - 2009-07-13 21:24 - 000002560 ____A [402C5F373E3348172A21E2C4E47FE9A5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\NV_AGP.SYS.mui
2009-07-14 00:35 - 2009-07-13 21:23 - 000013824 ____A [4A911620A8D4A92B4829088313262C65] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\nwifi.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000011776 ____A [FCF1928FC42F3FF495AABBF531925912] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ohci1394.sys.mui
2009-07-14 00:35 - 2009-07-13 21:25 - 000015360 ____A [FE8EE46359CCA5797116E999AC9027E8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\pacer.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000003584 ____A [1897DD879E564636B62C7438BEDD7ED8] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\parport.sys.mui
2009-07-14 00:35 - 2009-07-13 21:29 - 000002560 ____A [5B7B4A639557BCCBF6CFB19D01CED6F6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\partmgr.sys.mui
 
====== End of Folder: ======
 
 
========= Reg query "HKLM\SYSTEM\Select" =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x2
 
 
 
========= End of Reg: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2757012 B
Java, Flash, Steam htmlcache => 376071290 B
Windows/system/drivers => 317692 B
Edge => 0 B
Chrome => 0 B
Firefox => 12409595 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 70054 B
LocalService => 66228 B
NetworkService => 66228 B
Gemini IV => 17799600 B
 
RecycleBin => 0 B
EmptyTemp: => 398.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:19:53 ====


# AdwCleaner 7.0.8.0 - Logfile created on Thu Feb 22 01:25:49 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 02-21-2018.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [2652 B] - [2016/7/1 16:54:10]
C:/AdwCleaner/AdwCleaner[S0].txt - [898 B] - [2015/4/15 2:6:58]
C:/AdwCleaner/AdwCleaner[S10].txt - [3491 B] - [2016/8/20 1:38:26]
C:/AdwCleaner/AdwCleaner[S11].txt - [3509 B] - [2016/11/15 15:21:7]
C:/AdwCleaner/AdwCleaner[S12].txt - [1823 B] - [2018/1/27 0:7:24]
C:/AdwCleaner/AdwCleaner[S13].txt - [1890 B] - [2018/1/27 0:11:2]
C:/AdwCleaner/AdwCleaner[S14].txt - [1957 B] - [2018/2/5 7:54:6]
C:/AdwCleaner/AdwCleaner[S15].txt - [2560 B] - [2018/1/28 14:6:54]
C:/AdwCleaner/AdwCleaner[S16].txt - [2091 B] - [2018/2/12 23:34:1]
C:/AdwCleaner/AdwCleaner[S17].txt - [2159 B] - [2018/2/21 16:16:12]
C:/AdwCleaner/AdwCleaner[S1].txt - [4152 B] - [2015/5/5 20:53:58]
C:/AdwCleaner/AdwCleaner[S2].txt - [4131 B] - [2015/5/9 13:54:58]
C:/AdwCleaner/AdwCleaner[S3].txt - [1255 B] - [2015/5/18 4:31:57]
C:/AdwCleaner/AdwCleaner[S4].txt - [1455 B] - [2015/6/5 19:52:23]
C:/AdwCleaner/AdwCleaner[S5].txt - [1536 B] - [2015/6/13 5:36:54]
C:/AdwCleaner/AdwCleaner[S6].txt - [1654 B] - [2015/6/17 15:0:19]
C:/AdwCleaner/AdwCleaner[S7].txt - [2202 B] - [2015/8/28 3:2:30]
C:/AdwCleaner/AdwCleaner[S8].txt - [2206 B] - [2015/10/30 15:10:55]
C:/AdwCleaner/AdwCleaner[S9].txt - [2496 B] - [2015/11/19 5:23:32]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S18].txt ##########


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 21 February 2018 - 10:31 PM

That looks clear. How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 sh4rkbyt31

sh4rkbyt31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 22 February 2018 - 01:33 PM

First let me thank you for your help MSG, it is HIGHLY appreciated!

After about an hour or so of using Lightroom to work on some photos, the program completely shut down for no reason. It didn't restart, it just simply stopped and shut down faster than normal: no warning, no nothing, just boom, off.
Normally it takes a while for it to shut down, close up, etc.

 



#6 JSntgRvr

Posted 22 February 2018 - 03:09 PM

Let's check the Event Viewer. Sometimes the event is recorded.
  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Right-click VEW.exe and select Run as Administrator.
  • Under 'Select log to query', select
    • Application
  • Under 'Select type to list', select
    • Error
  • Click the radio button for 'Number of events'
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.
Please post the output log in your next reply.



#7 sh4rkbyt31

Posted 23 February 2018 - 02:28 PM

Report run at 23/02/2018 2:28:23 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/02/2018 6:32:17 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 22/02/2018 6:32:17 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 22/02/2018 6:02:56 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files\netgear\readyshare vault\x86\GenieTimeLineAgent.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Log: 'Application' Date/Time: 22/02/2018 6:02:27 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 22/02/2018 6:02:27 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 22/02/2018 4:04:06 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 22/02/2018 4:04:06 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 22/02/2018 2:29:06 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 22/02/2018 2:29:06 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 22/02/2018 1:27:33 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 22/02/2018 1:27:33 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
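
A small triage helper for a VEW report like the one posted above, added here as an example and not part of the original thread or of VEW itself: it parses the record layout shown in the post and counts how often each source/event ID pair recurs, which is how the repeated LoadPerf 3011/3012 pair stands out from the single SideBySide entry. The function names and the shortened sample records are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Record layout as it appears in the pasted report (dates are dd/mm/yyyy).
LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"

# Constructed sample: four records shortened from the entries in the post.
SAMPLE_VEW = """Report run at 23/02/2018 2:28:23 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/02/2018 6:32:17 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed.

Log: 'Application' Date/Time: 22/02/2018 6:32:17 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted.

Log: 'Application' Date/Time: 22/02/2018 6:02:56 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "GenieTimeLineAgent.exe".

Log: 'Application' Date/Time: 22/02/2018 6:02:27 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed.
"""


def parse_vew(text):
    """Return one dict per complete event record in a pasted VEW report."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = LOG_RE.match(line)
        if start:
            try:
                when = datetime.strptime(start["ts"], TS_FORMAT)
            except ValueError:
                cur = None  # unreadable timestamp: skip this record
                continue
            cur = {"log": start["log"], "time": when, "type": None,
                   "event_id": None, "source": None, "message": ""}
            events.append(cur)
            continue
        if cur is None:
            continue  # banner or section-header line outside any record
        if not line or line.startswith("~"):
            cur = None  # blank line or section rule closes the record
            continue
        kind, event = TYPE_RE.match(line), EVENT_RE.match(line)
        if kind and cur["event_id"] is None:
            cur["type"] = kind["type"]
        elif event and cur["event_id"] is None:
            cur["event_id"] = int(event["id"])
            cur["source"] = event["source"]
        else:
            # Anything after the Event line is message text (may wrap).
            cur["message"] = (cur["message"] + " " + line).strip()
    # Drop records that were cut off before their Event line.
    return [e for e in events if e["event_id"] is not None]


def summarize(events):
    """Group by (source, event ID): count, first seen, last seen."""
    seen = defaultdict(list)
    for e in events:
        seen[(e["source"], e["event_id"])].append(e["time"])
    rows = [(src, eid, len(ts), min(ts), max(ts))
            for (src, eid), ts in seen.items()]
    # Most frequent first; ties broken by source name, then event ID.
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for src, eid, count, first, last in summarize(parse_vew(SAMPLE_VEW)):
        print(f"{count:3d}x  {src} / {eid}  "
              f"first {first:%d/%m/%Y %H:%M:%S}  last {last:%d/%m/%Y %H:%M:%S}")
```
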


#8 sh4rkbyt31

Posted 23 February 2018 - 02:30 PM

I can go back a little while further if you'd like? I had to update my router and then was receiving DNS errors that fixed.



#9 JSntgRvr

Posted 23 February 2018 - 05:02 PM

What I am interested in are the latest errors, and if it returns after the fix. Any errors concerning Lightroom?

Open an Administrator Command prompt. At the prompt type the following and press Enter:

lodctr /r

Type Exit and press Enter.

Restart the computer.

Let me know of any improvement.




#10 sh4rkbyt31

Posted 23 February 2018 - 05:47 PM

Ok MSG, since that one program shutdown and your lodctr /r was run it seems as though everything is fine now. I've not had any more mysterious shutdowns and it does seem to be running a little faster and smoother now :).



#11 JSntgRvr

Posted 23 February 2018 - 06:30 PM

Congratulations.

 

Use this application to remove tools and quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.




#12 sh4rkbyt31

Posted 24 February 2018 - 12:23 PM

Thank you very much for your help :)!



#13 JSntgRvr

Posted 24 February 2018 - 02:26 PM

Best regards. :)



#14 sh4rkbyt31

Posted 05 March 2018 - 04:52 PM

Submitted a previous log here but it seems as if the issue is persisting?

https://www.bleepingcomputer.com/forums/t/671362/blue-screens-blocked-sites-random-site-closures/

Seemed to run fine for a little while and then I experienced 2 more BSODs; the only thing I could catch was BC code: dc1 and BC code: 24, which were 2 I had previously seen.

Now I am getting intermittent popups from NetGear Genie to allow (yes/no) Windows Command Processor? Here is the line C:\Windows\SysWOW64\cmd.exe "/k sc start NETGEAR Genie daemon, no clue if it's legit or not. Did click "yes" once but it still pops up.

Here is my current Farbar scan result:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Gemini IV (administrator) on GEMINIIV-PC (06-03-2018 17:35:11)
Running from C:\Users\Gemini IV\Desktop
Loaded Profiles: Gemini IV (Available Profiles: Gemini IV)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\DAODx.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2018-03-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17361016 2016-12-19] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-01-28] (AVAST Software)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2018-03-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILOE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-12-12] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [612336 2017-07-04] (NETGEAR Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-12-12] (Garmin Ltd. or its subsidiaries)
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVAST Software\Avast Cleanup\autoreactivator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-11-10]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17122FF1-0017-44FD-8686-938296993877}: [DhcpNameServer] 172.16.42.1
Tcpip\..\Interfaces\{9C100BA6-B061-4C46-B05A-D56643A2177D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A38814FF-D7E7-4033-851B-500EE7F521D0}: [NameServer] 208.67.222.222,208.67.220.230
Tcpip\..\Interfaces\{A38814FF-D7E7-4033-851B-500EE7F521D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3833649738-2791359992-3759682749-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3833649738-2791359992-3759682749-1000 -> {36F7F8E3-BD30-4af3-B9F8-0CF355A38D82} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-3833649738-2791359992-3759682749-1000 -> {D44BF8BE-6D97-4d1b-8821-BD74F40C5BE0} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-28] (AVAST Software)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-28] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640 [2018-03-06]
FF Extension: (Avast Passwords) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-02-21]
FF Extension: (Avast SafePrice) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\sp@avast.com.xpi [2018-02-21]
FF Extension: (Avast Online Security) - C:\Users\Gemini IV\AppData\Roaming\Mozilla\Firefox\Profiles\33uh42ed.default-1475180159640\Extensions\wrc@avast.com.xpi [2017-11-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-01] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-23] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3833649738-2791359992-3759682749-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-01-28] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-01-28] (AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [7650600 2018-01-28] (AVAST Software)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S4 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1134608 2017-12-12] (Garmin Ltd. or its subsidiaries)
S4 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
S4 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2016-12-19] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (NETGEAR)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-02-24] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-02-24] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [192944 2018-01-28] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [190440 2018-01-28] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-01-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-28] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110328 2018-01-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84368 2018-01-28] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026696 2018-01-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [459952 2018-01-28] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205464 2018-01-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [379448 2018-01-28] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 epp; C:\EEK\bin64\epp.sys [124552 2017-04-22] (Emsisoft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-05-09] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2016-12-19] (Logitech Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2016-12-19] (Logitech Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-06] (Malwarebytes)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2018-02-27] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-02-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-01-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-12-05] (NVIDIA Corporation)
R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-06-06] (BitDefender S.R.L.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [107872 2015-06-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [107872 2015-06-06] (Zemana Ltd.)
S2 AODDriver4.2; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 17:35 - 2018-03-06 17:35 - 000020599 _____ C:\Users\Gemini IV\Desktop\FRST.txt
2018-03-06 17:35 - 2018-03-06 17:35 - 000000000 ____D C:\FRST
2018-03-06 17:34 - 2018-03-06 17:34 - 002403328 _____ (Farbar) C:\Users\Gemini IV\Desktop\FRST64.exe
2018-03-06 14:56 - 2018-03-06 14:56 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-03-06 14:56 - 2018-03-06 14:56 - 000000000 ____D C:\ProgramData\Sophos
2018-03-06 14:56 - 2018-03-06 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-03-06 14:56 - 2018-03-06 14:56 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-03-06 14:55 - 2018-03-06 14:55 - 193222560 _____ (Sophos Limited) C:\Users\Gemini IV\Desktop\Sophos Virus Removal Tool.exe
2018-03-02 01:13 - 2018-03-02 01:13 - 028213247 _____ C:\Users\Gemini IV\Desktop\DSC_7854-1000.zip
2018-03-02 01:12 - 2018-03-02 01:12 - 025461494 _____ C:\Users\Gemini IV\Desktop\DSC_4398-1000.zip
2018-03-02 01:11 - 2018-03-02 01:11 - 027158485 _____ C:\Users\Gemini IV\Desktop\DSC_1855-1000.zip
2018-03-02 01:11 - 2018-03-02 01:11 - 019671188 _____ C:\Users\Gemini IV\Desktop\DSC_2896-1000.zip
2018-03-02 01:11 - 2018-03-02 01:11 - 017031710 _____ C:\Users\Gemini IV\Desktop\DSC_1237-1000.zip
2018-03-02 01:10 - 2018-03-02 01:10 - 026347689 _____ C:\Users\Gemini IV\Desktop\DSC_1221-1000.zip
2018-03-02 01:09 - 2018-03-02 01:09 - 014890228 _____ C:\Users\Gemini IV\Desktop\DSC_1151-1000.zip
2018-03-02 00:37 - 2018-03-02 00:37 - 033917440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-03-02 00:37 - 2018-03-02 00:37 - 027518208 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 014048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 005681192 _____ C:\Windows\system32\Drivers\rtvienna.dat
2018-03-02 00:37 - 2018-03-02 00:37 - 005538072 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 003680728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-03-02 00:37 - 2018-03-02 00:37 - 003610880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 002810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 002586840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 002103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 001916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 001662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-03-02 00:37 - 2018-03-02 00:37 - 001284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 001021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 001014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000765184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000754488 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000664465 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-03-02 00:37 - 2018-03-02 00:37 - 000617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2018-03-02 00:37 - 2018-03-02 00:37 - 000150744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 006217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 002743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 002032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 001938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 001325312 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 001084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000605496 _____ C:\Windows\system32\audioLibVc.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-03-02 00:37 - 2018-03-02 00:36 - 000001332 _____ C:\Windows\system32\Drivers\DTSU2P.DAT
2018-03-02 00:36 - 2018-03-02 00:36 - 000000000 ____D C:\Users\Gemini IV\Desktop\Realtek_Audio_XPVistaWin7-8-81-10_V510_6017058_6017525
2018-03-02 00:27 - 2018-03-02 00:34 - 655285894 _____ C:\Users\Gemini IV\Desktop\Realtek_Audio_XPVistaWin7-8-81-10_V510_6017058_6017525.zip
2018-03-01 16:20 - 2018-03-01 16:20 - 015867696 _____ C:\Users\Gemini IV\Desktop\WDDriveUtilitiesSetup_for_web_2.0.0.25.zip
2018-02-27 21:52 - 2018-02-24 07:46 - 001309256 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-02-27 21:51 - 2018-02-23 14:28 - 000136536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-02-27 21:50 - 2018-02-27 21:50 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-27 21:50 - 2017-12-08 17:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-27 21:50 - 2017-12-08 17:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-27 21:50 - 2017-12-08 17:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-27 21:50 - 2017-12-08 17:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-27 21:47 - 2018-02-25 00:41 - 035619872 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-02-27 21:47 - 2018-02-25 00:40 - 028201048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-02-27 21:47 - 2018-02-25 00:40 - 017353248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-02-27 21:47 - 2018-02-25 00:40 - 000996768 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-27 21:47 - 2018-02-25 00:40 - 000625512 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-27 21:47 - 2018-02-25 00:40 - 000514544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-27 21:47 - 2018-02-25 00:39 - 000948128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 003913016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 003443800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 001985384 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439101.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 001684000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439101.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 001137512 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-27 21:47 - 2018-02-25 00:38 - 001064760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-27 21:47 - 2018-02-25 00:37 - 035188640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-27 21:47 - 2018-02-25 00:36 - 019925592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-02-27 21:47 - 2018-02-25 00:36 - 013571008 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-27 21:47 - 2018-02-25 00:36 - 011131696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-27 21:47 - 2018-02-25 00:36 - 000419488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 016496080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000541672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000460024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000182600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000164952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000159712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-02-27 21:47 - 2018-02-25 00:35 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-02-27 21:47 - 2018-02-25 00:34 - 015558416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-02-27 21:47 - 2018-02-25 00:34 - 012966032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-27 21:45 - 2018-02-27 21:46 - 411289848 _____ (NVIDIA Corporation) C:\Users\Gemini IV\Desktop\391.01-desktop-win8-win7-64bit-international-whql.exe
2018-02-25 11:12 - 2018-02-25 12:37 - 000000000 ____D C:\Users\Gemini IV\Desktop\BadnRuin
2018-02-24 15:51 - 2018-02-24 15:51 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-02-24 15:51 - 2018-02-24 15:51 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-02-24 15:50 - 2018-02-24 15:50 - 019315456 _____ (TeamViewer GmbH) C:\Users\Gemini IV\Desktop\TeamViewer_Setup.exe
2018-02-24 12:22 - 2018-02-24 12:22 - 000001113 _____ C:\DelFix.txt
2018-02-24 12:22 - 2018-02-24 12:22 - 000000000 ____D C:\Windows\ERUNT
2018-02-24 12:19 - 2018-02-25 10:50 - 000516952 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-23 16:05 - 2018-02-23 16:05 - 000000000 ____D C:\Users\Gemini IV\Desktop\Brookbend
2018-02-23 15:04 - 2018-02-23 15:05 - 000000000 ____D C:\Users\Gemini IV\Desktop\Chesapeake City
2018-02-23 14:28 - 2018-02-23 14:28 - 000004717 _____ C:\VEW.txt
2018-02-21 23:10 - 2018-02-21 23:01 - 032463767 _____ C:\Users\Gemini IV\Desktop\R8500-V1.0.2.116_1.0.90.zip
2018-02-21 17:13 - 2018-02-21 17:13 - 008191090 _____ C:\Users\Gemini IV\Documents\memtest86-usb.zip
2018-02-12 17:05 - 2018-02-12 17:05 - 000000000 ____D C:\Program Files (x86)\ASM106xSATA
2018-02-12 17:03 - 2018-02-12 17:03 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2018-02-12 16:59 - 2018-02-12 16:59 - 000000000 ____D C:\Program Files (x86)\AMD APP
2018-02-12 16:59 - 2018-02-12 16:58 - 000058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2018-02-12 16:58 - 2018-02-12 16:58 - 000016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2018-02-12 16:58 - 2018-02-12 16:58 - 000000000 ____D C:\Program Files\ATI Technologies
2018-02-12 16:58 - 2018-02-12 16:58 - 000000000 ____D C:\Program Files\ATI
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-06 14:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-03-06 14:55 - 2015-04-06 16:38 - 000000000 ____D C:\EEK
2018-03-06 13:43 - 2016-12-17 14:23 - 000000000 ____D C:\Users\Gemini IV\AppData\LocalLow\Mozilla
2018-03-06 12:51 - 2017-04-05 19:15 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\NETGEARGenie
2018-03-06 12:31 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-06 12:31 - 2009-07-13 23:45 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-06 12:25 - 2015-04-06 16:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-06 12:15 - 2017-11-17 17:41 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-06 12:15 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-05 23:18 - 2017-02-13 12:12 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-05 23:18 - 2015-11-04 23:41 - 000000000 ____D C:\Windows\Minidump
2018-03-05 23:17 - 2018-01-24 10:45 - 000003472 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-GeminiIV-PC-Gemini IV
2018-03-05 23:17 - 2017-12-10 00:03 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-12-10 00:03 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-12-10 00:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-10-24 12:06 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-05 23:17 - 2017-10-18 20:22 - 000003150 _____ C:\Windows\System32\Tasks\{0C212DC2-9503-4187-A6F4-44CC693F2F5B}
2018-03-05 23:17 - 2017-07-15 17:21 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-07-15 17:21 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-07-15 17:21 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-07-15 17:21 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2017-07-15 17:21 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-05 23:17 - 2016-03-24 16:54 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-05 23:17 - 2016-03-24 16:54 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-05 23:17 - 2015-12-03 10:05 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-03-05 23:17 - 2015-07-25 10:01 - 000002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-02 00:37 - 2015-03-30 20:09 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-03-02 00:37 - 2015-03-30 20:08 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-03-02 00:36 - 2015-03-30 20:08 - 002080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-03-01 17:41 - 2017-07-10 14:59 - 000000440 __RSH C:\ProgramData\ntuser.pol
2018-03-01 17:29 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-03-01 17:29 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-03-01 17:19 - 2009-07-14 00:13 - 000772352 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-27 23:42 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\registration
2018-02-27 22:59 - 2016-11-14 15:30 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\FAHClient
2018-02-27 21:53 - 2017-12-10 00:07 - 000001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-02-27 21:53 - 2015-04-06 16:21 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-27 21:52 - 2017-12-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-27 21:52 - 2015-04-06 16:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-27 21:52 - 2015-04-06 16:20 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-27 21:50 - 2015-04-06 16:27 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\NVIDIA
2018-02-27 20:48 - 2017-04-05 19:15 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
2018-02-27 20:46 - 2017-04-05 19:15 - 000369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2018-02-27 20:46 - 2017-04-05 19:15 - 000281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2018-02-27 20:46 - 2017-04-05 19:15 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2018-02-27 20:46 - 2017-04-05 19:15 - 000096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2018-02-27 20:46 - 2017-04-05 19:15 - 000035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2018-02-27 20:46 - 2017-04-05 19:15 - 000002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2018-02-27 20:46 - 2017-04-05 19:15 - 000002054 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2018-02-27 18:38 - 2015-09-07 23:42 - 000000000 ____D C:\Program Files\Recuva
2018-02-25 12:36 - 2015-05-11 09:56 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\TeamViewer
2018-02-25 11:06 - 2015-03-31 19:37 - 000000000 ____D C:\Users\Gemini IV\AppData\Roaming\Adobe
2018-02-25 00:38 - 2018-01-28 08:51 - 040277488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-25 00:36 - 2018-01-28 08:51 - 022845992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-02-25 00:36 - 2018-01-28 08:51 - 019854312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-25 00:36 - 2018-01-28 08:51 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-02-25 00:35 - 2018-01-28 08:51 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-25 00:35 - 2017-12-21 14:24 - 000902280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-25 00:34 - 2018-01-28 08:51 - 018910384 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-02-25 00:34 - 2018-01-28 08:51 - 004424400 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-02-25 00:34 - 2018-01-28 08:51 - 003918512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-25 00:34 - 2017-12-21 14:24 - 011000288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-24 16:23 - 2017-11-06 13:23 - 000116424 _____ C:\Users\Gemini IV\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-24 15:51 - 2015-04-06 16:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-02-24 07:46 - 2017-12-10 00:03 - 002424904 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-02-24 07:46 - 2017-12-10 00:03 - 002090056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-02-24 07:46 - 2017-08-12 17:38 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-24 07:46 - 2017-07-15 17:21 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-02-24 07:46 - 2017-07-15 17:19 - 000187704 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-02-24 07:46 - 2017-07-15 17:19 - 000152976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-02-24 07:46 - 2015-04-06 16:21 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-02-23 15:29 - 2017-12-18 20:26 - 000000000 ____D C:\Users\Gemini IV\Desktop\2017
2018-02-23 14:22 - 2016-06-01 13:26 - 000633984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-23 14:22 - 2016-06-01 13:26 - 000081752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-23 14:22 - 2015-04-06 16:22 - 005953096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-23 14:22 - 2015-04-06 16:22 - 002587992 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-23 14:22 - 2015-04-06 16:22 - 001768008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-23 14:22 - 2015-04-06 16:22 - 000451144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-23 14:22 - 2015-04-06 16:22 - 000122896 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-22 13:27 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-22 13:05 - 2017-11-10 17:21 - 000004194 _____ C:\Windows\System32\Tasks\Avast TUNEUP Update
2018-02-22 13:05 - 2017-03-18 09:09 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-02-21 14:18 - 2016-06-15 14:27 - 000000000 ____D C:\Users\Gemini IV\AppData\Local\CrashDumps
2018-02-18 12:29 - 2015-07-25 10:01 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-16 09:48 - 2015-04-06 16:22 - 008083703 _____ C:\Windows\system32\nvcoproc.bin
2018-02-12 18:40 - 2017-04-22 12:32 - 006968952 _____ (ESET spol. s r.o.) C:\Users\Gemini IV\Desktop\esetonlinescanner_enu.exe
 
==================== Files in the root of some directories =======
 
2016-07-13 12:35 - 2016-07-13 12:35 - 000001456 _____ () C:\Users\Gemini IV\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-05-08 23:01 - 2017-02-14 15:33 - 000007597 _____ () C:\Users\Gemini IV\AppData\Local\resmon.resmoncfg
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-02-20 11:27
 
==================== End of FRST.txt ============================


#15 JSntgRvr


Posted 05 March 2018 - 09:59 PM

This topic has been re-opened at the request of the person who originally posted.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!