
RAT / Spyware problem


  • This topic is locked
5 replies to this topic

#1 LazarusLong69

LazarusLong69

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 24 February 2018 - 04:16 PM

Hello Folks,

 

I'm looking for help with some rather nasty piece of malware. First of all, let me make clear that I am serious and that I DO know what I am talking about. I'm not some forum troll looking for attention, and I can prove what I say.

 

The malware I am struggling to remove - so far in vain for several months - is multi-platform capable, stealthy and polymorphic. It is NOT detected by any major antivirus product (Kaspersky, McAfee, Norton, F-Prot, TrendMicro or Malwarebytes).

 

It has encrypted my personal data - photos, mp3s, videos, Word, Powerpoint and Excel files - on my former Workstation and Laptop, but this is not about rescuing my data. I had three backups, two are certainly gone. One more was made onto VeraCrypt encrypted USB-HD's not attached to the network and might or might not still exist, I cannot say without mounting and that I dare not do for want of a clean system. No ransom has been asked.

 

When my Octacore Athlon with 32GB RAM got slower and slower and Kaspersky KIS did not find anything I scanned with three different boot CD's. No result, all was said to be clean.

 

I then ran GMER which went berserk but crashed. Some of the several 100 issues GMER found may have been false alarms, but "Winmail.exe" alone had 122 autostart entries. I never used that, Outlook 2013 was my sole mailer.

I then tried MS Sysinternals, there as well I got an enormous amount of autostarts for seemingly innocuous files such as dismhost.exe, dism.exe etc. However, the files occurred in multiple directories and have different sizes.

 

I maintain my own systems and until then considered myself quite knowledgeable in regards to IT. I'm no longer having that illusion.

 

When it was clear that there were considerable issues I shut down the PC, took out one of the mirrored boot SSD's and mounted it with a Kali Linux machine with no network access I kept for such occasions. When that machine crashed I wasted about three hours looking for non-existent hardware issues until I started to realize, reluctantly, that whatever this was affected Linux.

 

Long story short, this thing marched through MacOS High Sierra and SecureBoot UEFI Win7Pro Installations like unsecured Dos 5.0. I've tried RedHat Enterprise 6.9 to 7, CentOS, Fedora, Mint Cinnamon, whatever I use gets infected.

 

It took me months to figure out (and again, I can prove this) that my solutions were pretty much part of the problem. You see, I use PartedMagic to maintain and set up my systems. This thing creates not only hidden partitions (I could deal with that) but is also capable of hiding itself in some filesystem I can't see or detect. Assuming I have a hd with two partitions (usual Windows 7 boot setup if you don't use restore partitions). The command sudo fdisk /dev/sda followed by d1 and d should delete both partitions. And so it says.

However, if I type "d" again, it tells me that partition 9318872801027 or something could not be deleted. 

 

On all HDs and sticks I use capacity is missing  (yes, I know that there are 1024 MB to one GB and that the filesystem itself needs some space), but still.

 

On any computer which I try to set up with Windows I end up with FIVE partitions, one is always of the type MS-Restore and 16 MB (!?). What it contains is verifiably an image of a squashfs-system which extracts itself into RAM and starts to run a hypervisor before booting whatever OS I use. Needless to say that I have all support for virtualization turned off in the BIOS, but still.

 

I've bought nine systems and dozens of HD's since this started, to no avail. For now I only use Laptops (Dell Latitude and Precision) from which I have taken out the Bluetooth and WiFi adapters. If I have to use USB Sticks I use mechanically write protected TrekStor. 

 

My Install media I download in internet cafes, different ones. If a write protected stick or a DVD-R (NOT RW!) is really clean I can usually tell because they're not booting. Any Linux, Mac or Windows based machine is turned into a perfect surveillance tool which sends whatever I say, write or do via encrypted TOR servers to the person who gave this to me.

I actually know who it is and why. Former boss of mine. I won in labor court and tipped off the police about a few rather disturbing issues, just so you know I do not conduct activities which would warrant something like this. I did press criminal charges, although in regard to this issue against 'persons unknown' as I can't prove it - yet. I was able to prove that my former employer had used likewise illegal staff monitoring software, staffcop.ru on my corporate laptop before this started so I have some hope the police may come to the same conclusion.

 

Nevertheless, I would appreciate any help in getting rid of this digital curse. If you want some screenshots or system reports, no matter if from Windows, Mac or Linux just ask. I'll try to upload that asap.

 

One more thing: This malware does not spread, otherwise it'd be out of control. It affects only computers either owned by me or on which I have admin rights.

 

And, again - do I need to say it? - I am not joking. I don't think Red Hat's filesystem team would fall for a stupid prank.
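
Added example (not part of the original post, and not code from any tool named in this thread): one way to check a partition layout independently of fdisk or a graphical partitioner is to read the primary GPT directly, verify its two CRC32 fields, and list every entry by type GUID and size. The sample image is constructed, the names `parse_gpt`, `audit` and `build_sample_image` are assumptions of this example, and the sector count is the one reported in the hdparm log posted later in the thread.

```python
import struct
import uuid
import zlib

SECTOR = 512
HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte GPT header layout (UEFI spec)
ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte partition entry layout

KNOWN_TYPES = {  # well-known partition type GUIDs
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved (MSR)",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Microsoft basic data",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment",
    "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem",
}


def parse_gpt(image: bytes) -> dict:
    """Parse the primary GPT (LBA 1) of a raw image and check both CRC32s."""
    raw = image[SECTOR:SECTOR + struct.calcsize(HEADER_FMT)]
    if len(raw) < 92 or raw[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    (_sig, _rev, hdr_size, hdr_crc, _rsv, _cur, _bak, first_usable, last_usable,
     _disk, ent_lba, ent_count, ent_size, ent_crc) = struct.unpack(HEADER_FMT, raw)
    if not 92 <= hdr_size <= SECTOR or ent_size < 128:
        raise ValueError("implausible GPT header fields")
    hdr = bytearray(image[SECTOR:SECTOR + hdr_size])
    hdr[16:20] = bytes(4)               # CRC is computed with its own field zeroed
    table = image[ent_lba * SECTOR:ent_lba * SECTOR + ent_count * ent_size]
    if len(table) != ent_count * ent_size:
        raise ValueError("image too short for the partition entry array")
    parts = []
    for i in range(ent_count):
        tguid, _uid, first, last, _attr, name = struct.unpack_from(ENTRY_FMT, table, i * ent_size)
        if tguid == bytes(16):          # all-zero type GUID marks an unused slot
            continue
        guid = str(uuid.UUID(bytes_le=tguid))   # GUIDs are stored mixed-endian
        parts.append({"index": i, "type_guid": guid, "type_name": KNOWN_TYPES.get(guid),
                      "first_lba": first, "last_lba": last,
                      "size_mib": (last - first + 1) * SECTOR / 2**20,
                      "name": name.decode("utf-16-le", "replace").rstrip("\0")})
    return {"header_crc_ok": zlib.crc32(bytes(hdr)) == hdr_crc,
            "table_crc_ok": zlib.crc32(table) == ent_crc,
            "first_usable": first_usable, "last_usable": last_usable, "partitions": parts}


def audit(gpt: dict) -> list:
    """Return findings: CRC failures, unknown types, out-of-range or overlapping entries."""
    findings = []
    if not gpt["header_crc_ok"]:
        findings.append("header CRC32 mismatch")
    if not gpt["table_crc_ok"]:
        findings.append("partition array CRC32 mismatch")
    widest = None                       # entry reaching the highest LBA so far
    for p in sorted(gpt["partitions"], key=lambda p: p["first_lba"]):
        if p["type_name"] is None:
            findings.append(f"entry {p['index']}: unrecognised type GUID {p['type_guid']}")
        if p["first_lba"] < gpt["first_usable"] or p["last_lba"] > gpt["last_usable"]:
            findings.append(f"entry {p['index']}: outside the usable LBA range")
        if widest and p["first_lba"] <= widest["last_lba"]:
            findings.append(f"entry {p['index']}: overlaps entry {widest['index']}")
        if widest is None or p["last_lba"] > widest["last_lba"]:
            widest = p
    return findings


def build_sample_image(layout, total_lba=250069680) -> bytes:
    """Constructed input: the first 34 sectors of a disk carrying a valid GPT."""
    table = bytearray(128 * 128)
    for i, (type_guid, first, last, name) in enumerate(layout):
        struct.pack_into(ENTRY_FMT, table, i * 128, uuid.UUID(type_guid).bytes_le,
                         uuid.UUID(int=i + 1).bytes_le, first, last, 0,
                         name.encode("utf-16-le"))
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, total_lba - 1, 34, total_lba - 34,
              uuid.UUID(int=0xD15C).bytes_le, 2, 128, 128, zlib.crc32(bytes(table))]
    fields[3] = zlib.crc32(struct.pack(HEADER_FMT, *fields))
    header = struct.pack(HEADER_FMT, *fields)
    return bytes(SECTOR) + header.ljust(SECTOR, b"\0") + bytes(table)


# Constructed layout modelled on a default Windows 10 GPT install: setup adds a
# 16 MiB Microsoft Reserved partition next to the EFI System partition.
SAMPLE_LAYOUT = [
    ("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", 2048, 206847, "EFI system partition"),
    ("e3c9e316-0b5c-4db8-817d-f92df00215ae", 206848, 239615, "Microsoft reserved partition"),
    ("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", 239616, 157526015, "Basic data partition"),
    ("ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", 157526016, 250067967, "Basic data partition"),
]

if __name__ == "__main__":
    gpt = parse_gpt(build_sample_image(SAMPLE_LAYOUT))
    for p in gpt["partitions"]:
        print(f"{p['index']}: {p['type_name'] or p['type_guid']:<28} {p['size_mib']:>10.1f} MiB")
    print(audit(gpt) or "no findings")
```

To run it against real media, pass `parse_gpt` the first 34 sectors read from the device opened read-only on a trusted system. The backup header at the last LBA is not checked here.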

  

 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 AM

Posted 01 March 2018 - 04:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/671683 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:41 AM

Posted 06 March 2018 - 04:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 LazarusLong69

LazarusLong69
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 13 March 2018 - 05:04 PM

First, thanks to Andrew for reopening, and I apologize for the delay. Guess my computer issues went from bad to worse :-(.

 

As these questions may come up later here's some info ahead:

 

The machine in question is a Dell Precision Laptop with 16GB RAM and a Quadcore Intel I7-4700@2.4GHZ. Installed is a fresh (e.g., just a few minutes ago) Windows 10. I will try to follow any instruction to the letter and deviate only where not otherwise possible.

 

For one, it is (as you will likely find out) a VERY bad idea to let any of my Windows machines talk to the internet. I have removed the Bluetooth and WiFi hardware from the machine, it can connect only by means of ethernet cable which isn't connected.

 

The Setup was made with an x64 Win10 Pro DVD-R (NOT RW) I believe to be clean, I downloaded it in an Internet cafe from Microsoft.com using the MS Install Media Creation tool. I selected only x64 files.

 

The HD is a 128GB mSATA. I usually prep my systems using a licensed copy of PartedMagic, but for some reason the ATA Secure Erase command refused to work, please see the log hereafter:

 

Parted Magic 2017_08_28 (hdparm v9.51) Secure Erase Log
 
Started: Tue Mar 13 20:57:25 CDT 2018
Finished: Tue Mar 13 20:57:30 CDT 2018
 
TS128GMSA370 (/dev/sda) SERIAL NUMBER: E104170478 SIZE:119.2G RESULTS:Erase Failed
   Secure Erase Method: Enhanced Secure Erase
 
==================================================
TS128GMSA370     (/dev/sda)
==================================================
 
hdparm v9.51
 
/dev/sda:
 
ATA device, with non-removable media
Model Number:       TS128GMSA370                            
Serial Number:      E104170478          
Firmware Revision:  P1225CH1
Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0
Standards:
Supported: 9 8 7 6 5 
Likely used: 9
Configuration:
Logical max current
cylinders 16383 16383
heads 16 16
sectors/track 63 63
--
CHS current addressable sectors:    16514064
LBA    user addressable sectors:   250069680
LBA48  user addressable sectors:   250069680
Logical  Sector size:                   512 bytes
Physical Sector size:                   512 bytes
Logical Sector-0 offset:                  0 bytes
device size with M = 1024*1024:      122104 MBytes
device size with M = 1000*1000:      128035 MBytes (128 GB)
cache/buffer size  = unknown
Nominal Media Rotation Rate: Solid State Device
Capabilities:
LBA, IORDY(can be disabled)
Queue depth: 32
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 2 Current = 1
DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
    Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4 
    Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
Enabled Supported:
  * SMART feature set
    Security Mode feature set
  * Power Management feature set
  * Write cache
  * Look-ahead
  * Host Protected Area feature set
  * WRITE_BUFFER command
  * READ_BUFFER command
  * NOP cmd
  * DOWNLOAD_MICROCODE
    SET_MAX security extension
    Automatic Acoustic Management feature set
  * 48-bit Address feature set
  * Mandatory FLUSH_CACHE
  * FLUSH_CACHE_EXT
  * SMART error logging
  * SMART self-test
  * General Purpose Logging feature set
  * WRITE_{DMA|MULTIPLE}_FUA_EXT
  * {READ,WRITE}_DMA_EXT_GPL commands
  * Segmented DOWNLOAD_MICROCODE
  * Gen1 signaling speed (1.5Gb/s)
  * Gen2 signaling speed (3.0Gb/s)
  * Gen3 signaling speed (6.0Gb/s)
  * Native Command Queueing (NCQ)
  * READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
    DMA Setup Auto-Activate optimization
    Device-initiated interface power management
  * Software settings preservation
    Device Sleep (DEVSLP)
  * SANITIZE feature set
  * BLOCK_ERASE_EXT command
  * DOWNLOAD MICROCODE DMA command
  * WRITE BUFFER DMA command
  * READ BUFFER DMA command
  * Data Set Management TRIM supported (limit 8 blocks)
  * Deterministic read ZEROs after TRIM
Security: 
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
4min for SECURITY ERASE UNIT. 4min for ENHANCED SECURITY ERASE UNIT.
Device Sleep:
DEVSLP Exit Timeout (DETO): 40 ms (drive)
Minimum DEVSLP Assertion Time (MDAT): 31 ms (drive)
Checksum: correct
 
smartctl 6.5 2016-05-07 r4318 [x86_64-linux-4.12.9-pmagic64] (local build)
Copyright © 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org
 
=== START OF INFORMATION SECTION ===
Model Family:     SiliconMotion based SSDs
Device Model:     TS128GMSA370
Serial Number:    E104170478
Firmware Version: P1225CH1
User Capacity:    128,035,676,160 bytes [128 GB]
Sector Size:      512 bytes logical/physical
Rotation Rate:    Solid State Device
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ACS-2 (minor revision not indicated)
SATA Version is:  SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Tue Mar 13 20:57:30 2018 CDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x02) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (    0) seconds.
Offline data collection
capabilities: (0x71) SMART execute Offline immediate.
No Auto Offline data collection support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0002) Does not save SMART data before
entering power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   1) minutes.
Extended self-test routine
recommended polling time: (   1) minutes.
Conveyance self-test routine
recommended polling time: (   1) minutes.
 
SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x0000   100   100   000    Old_age   Offline      -       0
  5 Reallocated_Sector_Ct   0x0000   100   100   000    Old_age   Offline      -       0
  9 Power_On_Hours          0x0000   100   100   000    Old_age   Offline      -       23
 12 Power_Cycle_Count       0x0000   100   100   000    Old_age   Offline      -       268
160 Uncorrectable_Error_Cnt 0x0000   100   100   000    Old_age   Offline      -       0
161 Valid_Spare_Block_Cnt   0x0000   100   100   000    Old_age   Offline      -       45
163 Initial_Bad_Block_Count 0x0000   100   100   000    Old_age   Offline      -       0
164 Total_Erase_Count       0x0000   100   100   000    Old_age   Offline      -       48524
165 Max_Erase_Count         0x0000   100   100   000    Old_age   Offline      -       56
166 Min_Erase_Count         0x0000   100   100   000    Old_age   Offline      -       0
167 Average_Erase_Count     0x0000   100   100   000    Old_age   Offline      -       47
168 Max_Erase_Count_of_Spec 0x0000   100   100   000    Old_age   Offline      -       3000
169 Remaining_Lifetime_Perc 0x0000   100   100   000    Old_age   Offline      -       99
175 Program_Fail_Count_Chip 0x0000   100   100   000    Old_age   Offline      -       0
176 Erase_Fail_Count_Chip   0x0000   100   100   000    Old_age   Offline      -       0
177 Wear_Leveling_Count     0x0000   100   100   050    Old_age   Offline      -       0
178 Runtime_Invalid_Blk_Cnt 0x0000   100   100   000    Old_age   Offline      -       0
181 Program_Fail_Cnt_Total  0x0000   100   100   000    Old_age   Offline      -       0
182 Erase_Fail_Count_Total  0x0000   100   100   000    Old_age   Offline      -       0
192 Power-Off_Retract_Count 0x0000   100   100   000    Old_age   Offline      -       23
194 Temperature_Celsius     0x0000   100   100   000    Old_age   Offline      -       44
195 Hardware_ECC_Recovered  0x0000   100   100   000    Old_age   Offline      -       0
196 Reallocated_Event_Count 0x0000   100   100   016    Old_age   Offline      -       0
197 Current_Pending_Sector  0x0000   100   100   000    Old_age   Offline      -       0
198 Offline_Uncorrectable   0x0000   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0000   100   100   050    Old_age   Offline      -       14
232 Available_Reservd_Space 0x0000   100   100   000    Old_age   Offline      -       100
241 Host_Writes_32MiB       0x0000   100   100   000    Old_age   Offline      -       152291
242 Host_Reads_32MiB        0x0000   100   100   000    Old_age   Offline      -       13261
245 TLC_Writes_32MiB        0x0000   100   100   000    Old_age   Offline      -       194096
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%        17         -
# 2  Short offline       Self-test routine in progress 90%        17         -
# 3  Short offline       Completed without error       00%         1         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
    7        0    65535  Read_scanning was completed without error
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

 

 
I DD'd the HD, created a new GPT partition table and three Primary partitions, one EFI/FAT32 with 100 MB, one primary NTFS with 75GB and the remainder another primary NTFS, my usual procedure (refi, os and data on SSD)
I then reflashed the BIOS to version A19 using a write-protected TrekStor USB stick with the mechanical write protection activated.
 
I had previously run the Intel AMT/ME firmware updater provided by Dell on that machine. It said it installed okay although I have some doubts about that.
 
I have not installed any drivers, my experience is that is counterproductive and I want to keep the system as simple as possible as that might make it easier to analyze the issues. Again, the system was not and IS NOT connected to any network. I have copied FARBAR using a USB stick and likewise transferred back the logs. I'll post this from a Mac which runs but is verifiably infected as well.
 
Here's the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2018
Ran by JR (administrator) on DESKTOP-2HKFOI9 (13-03-2018 22:15:11)
Running from C:\
Loaded Profiles: JR (Available Profiles: JR)
Platform: Windows 10 Pro N Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
 
Internet Explorer:
==================
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\Windows\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\Windows\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\Windows\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\Windows\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\Windows\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\Windows\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\Windows\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\Windows\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\Windows\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\Windows\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\Windows\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\Windows\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\Windows\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\Windows\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\Windows\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\Windows\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\Windows\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\Windows\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\Windows\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\Windows\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\Windows\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\Windows\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\Windows\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\Windows\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\Windows\System32\drivers\mssecflt.sys 29DC5DFDF305E73A40AB13D102736EEA
C:\Windows\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\Windows\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\Windows\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\Windows\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\Windows\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\Windows\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\Windows\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\Windows\System32\drivers\ndis.sys 44071DC1A957B2062E0C2EE14E05A607
C:\Windows\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\Windows\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\Windows\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\Windows\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\Windows\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\Windows\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\Windows\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\Windows\System32\DRIVERS\NDProxy.sys AC908EF74DB5BC1DC7FB2BF0205D4FF1
C:\Windows\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\Windows\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\Windows\System32\drivers\netbios.sys AAC1622CA213F7DA660A04FD51B730C3
C:\Windows\System32\DRIVERS\netbt.sys 401C17200AA0433D94EA61695F111DC3
C:\Windows\System32\drivers\netvsc.sys 19A981EC09C5C78A063FFF2E1E71CD28
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\Windows\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\Windows\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys 70750B27A72427B0ACAE2D6CD161946A
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\Windows\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\Windows\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\Windows\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\Windows\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\Windows\System32\drivers\partmgr.sys BD93CDE9A332C00BCB0836483271781F
C:\Windows\System32\drivers\pci.sys FC0D7D7ADACA8A3746D31F9C710F9E2B
C:\Windows\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\Windows\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\Windows\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\Windows\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\Windows\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\Windows\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\Windows\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\Windows\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\Windows\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\Windows\System32\drivers\raspptp.sys C6010D36B68FB534D1B1245978C9921D
C:\Windows\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\Windows\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\Windows\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\Windows\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\Windows\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\Windows\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\Windows\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\Windows\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\Windows\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\Windows\System32\DRIVERS\rdbss.sys 0945839C334DAAD62EB528F8A5C7F946
C:\Windows\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\Windows\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\Windows\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\Windows\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\Windows\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\Windows\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\Windows\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\Windows\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\Windows\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\Windows\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\Windows\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\Windows\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\Windows\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\Windows\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\Windows\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\Windows\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\Windows\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\Windows\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\Windows\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\Windows\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\Windows\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\Windows\System32\DRIVERS\smbdirect.sys ED2DA8C2F985BDAA3999FD70CE9B5285
C:\Windows\System32\drivers\spaceport.sys 215836D9719355A2C378300BDE31FB83
C:\Windows\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\Windows\System32\DRIVERS\srv2.sys C7DAAB9C4A77B3C3C38A7CB6158E82ED
C:\Windows\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\Windows\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\Windows\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\Windows\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\Windows\System32\drivers\stornvme.sys DA0097E6C70EA25F6020CC97C7828F70
C:\Windows\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\Windows\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\Windows\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\Windows\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\Windows\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\Windows\System32\drivers\tcpip.sys 420A2A36A7E04D137DB35126C0C451A3
C:\Windows\System32\drivers\tcpip.sys 420A2A36A7E04D137DB35126C0C451A3
C:\Windows\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\Windows\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\Windows\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\Windows\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\Windows\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\Windows\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\Windows\System32\drivers\tsusbhub.sys 32230D3F06B0874DFB727028CA4F6348
C:\Windows\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\Windows\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\Windows\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\Windows\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\Windows\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\Windows\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\Windows\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\Windows\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\Windows\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\Windows\system32\drivers\UevAgentDriver.sys A6134CA92B545353EEB0420F36D39F1C
C:\Windows\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\Windows\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\Windows\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\Windows\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\Windows\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\Windows\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\Windows\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\Windows\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\Windows\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\Windows\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\Windows\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\Windows\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\Windows\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\Windows\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\Windows\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\Windows\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\Windows\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\Windows\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\Windows\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\Windows\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\Windows\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\Windows\System32\drivers\vhdmp.sys EA64495B9FAF0052113890184DA57573
C:\Windows\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\Windows\System32\drivers\vmbus.sys 164E6B2919FF12911F63C7EC526ED669
C:\Windows\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\Windows\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\Windows\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\Windows\System32\drivers\volmgr.sys DCE032DE20AB85CFA92141F419CFE68E
C:\Windows\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\Windows\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\Windows\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\Windows\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\Windows\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\Windows\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\Windows\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\Windows\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\Windows\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\Windows\System32\DRIVERS\wanarp.sys 478193CE0AAD5C8515568592F1F640D1
C:\Windows\System32\DRIVERS\wanarp.sys 478193CE0AAD5C8515568592F1F640D1
C:\Windows\system32\drivers\wcifs.sys A8DFD1465C05D9EFBDFD5C3A25B7F496
C:\Windows\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\Windows\System32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\Windows\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\Windows\System32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\Windows\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\Windows\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\Windows\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\Windows\System32\drivers\wfplwfs.sys 4EAE206AF1D880C9C06FB4ACD17F0506
C:\Windows\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\Windows\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\Windows\System32\drivers\winnat.sys 3E27B5B573DCC8DE15A93F61C01713B6
C:\Windows\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\Windows\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\Windows\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\Windows\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\Windows\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\Windows\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\Windows\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\Windows\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-13 18:34 - 2017-12-13 18:34 - 000975872 _____ C:\Windows\system32\FaceProcessor.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000924136 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000891800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000887296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000841728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000840440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Perception.Stub.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000831384 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\d3d9on12.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000823808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000819096 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000813976 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000813056 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000791960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000779440 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000770048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000746904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000744856 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000739696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000721592 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000710912 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000703536 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000677272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000676352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000669592 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000660480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000654848 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000654048 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000645528 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000630752 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000612760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000610712 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000590944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000588288 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000557056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000556544 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000555416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2017-12-13 18:34 - 2017-12-13 18:34 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000536064 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000534528 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000525208 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000495000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\DictationManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000464408 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000456704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-12-13 18:34 - 2017-12-13 18:34 - 000436120 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000418712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000404888 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000401304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000394752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000373656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000362176 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\SpatializerApo.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000354304 _____ (Microsoft Corporation) C:\Windows\system32\WwaApi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000353848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000327680 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\AcLayers.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000292864 _____ (Microsoft Corporation) C:\Windows\system32\ExecModelClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatializerApo.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000269696 _____ C:\Windows\system32\FaceProcessorCore.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000264040 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\PushToInstall.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExecModelClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000238080 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000230296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000211456 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000187288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcui.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SIUF.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000166296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000149400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000137544 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gamingtcui.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2017-12-13 18:34 - 2017-12-13 18:34 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000097144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\hascsp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\DeviceUpdateAgent.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000060824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\urscx01000.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bam.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\aadjcsp.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000048112 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000047000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KeyboardFilterShim.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000045464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
2017-12-13 18:34 - 2017-12-13 18:34 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-12-13 18:34 - 2017-12-13 18:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcVSp1res.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 000000000 ____D C:\Windows\containers
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-13 22:33 - 2017-09-29 06:45 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-03-13 22:03 - 2017-09-29 06:43 - 000000000 ____D C:\Windows\INF
2018-03-13 21:55 - 2017-09-29 06:45 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-13 21:55 - 2017-09-29 06:45 - 000000000 ____D C:\Windows\AppReadiness
2018-03-13 21:37 - 2017-09-29 06:37 - 000000000 ____D C:\Windows\CbsTemp
2018-03-13 21:35 - 2017-09-29 06:45 - 000000000 ____D C:\Windows\system32\spool
2018-03-13 21:35 - 2017-09-29 06:45 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-03-13 21:35 - 2017-09-29 01:45 - 000131072 _____ C:\Windows\system32\config\BBI
2018-03-13 21:34 - 2017-09-29 06:45 - 000000000 ___RD C:\Windows\PrintDialog
2018-03-13 21:34 - 2017-09-29 06:45 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-03-13 21:34 - 2017-09-29 01:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-03-13 21:34 - 2017-09-29 01:45 - 000000000 ____D C:\Windows\system32\Sysprep
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {3fc36697-2747-11e8-a6ce-bf45eec79027}
                        {4ac00cbb-2749-11e8-a1d4-806e6f6e6963}
timeout                 2
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3fc36698-2747-11e8-a6ce-bf45eec79027}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {3fc36697-2747-11e8-a6ce-bf45eec79027}
description             UEFI: HL-DT-ST DVD+/-RW GU90N
 
Firmware Application (101fffff)
-------------------------------
identifier              {4ac00cbb-2749-11e8-a1d4-806e6f6e6963}
device                  partition=\Device\HarddiskVolume2
description             UEFI: TS128GMSA370
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3fc3669a-2747-11e8-a6ce-bf45eec79027}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3fc36698-2747-11e8-a6ce-bf45eec79027}
nx                      OptIn
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {3fc3669a-2747-11e8-a6ce-bf45eec79027}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3fc3669b-2747-11e8-a6ce-bf45eec79027}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3fc3669b-2747-11e8-a6ce-bf45eec79027}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {3fc36698-2747-11e8-a6ce-bf45eec79027}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {3fc3669a-2747-11e8-a6ce-bf45eec79027}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {3fc3669b-2747-11e8-a6ce-bf45eec79027}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2018-03-13 21:34
 
==================== End of FRST.txt ============================
 
Now here comes the Additional log data:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by JR (13-03-2018 22:15:31)
Running from C:\
Windows 10 Pro N Version 1709 16299.125 (X64) (2018-03-14 04:35:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2755528407-823532755-441143749-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-2755528407-823532755-441143749-503 - Limited - Disabled)
Guest (S-1-5-21-2755528407-823532755-441143749-501 - Limited - Disabled)
JR (S-1-5-21-2755528407-823532755-441143749-1001 - Administrator - Enabled) => C:\Users\JR
WDAGUtilityAccount (S-1-5-21-2755528407-823532755-441143749-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Microsoft OneDrive (HKU\S-1-5-21-2755528407-823532755-441143749-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 06:40 - 2017-09-29 06:40 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 18:34 - 2017-12-13 18:34 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 06:45 - 2017-09-29 06:43 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2755528407-823532755-441143749-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Basic Display Adapter
Description: Microsoft Basic Display Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Network and Computing Encryption/Decryption Controller
Description: Network and Computing Encryption/Decryption Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:17 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (5096,P,0) TILEREPOSITORYS-1-5-21-2755528407-823532755-441143749-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/13/2018 09:39:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8024402C
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9fbaf5d6-4d83-4422-870d-fdda6e5858aa;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (03/13/2018 09:37:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
 
 
System errors:
=============
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2018 09:55:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 8%
Total physical RAM: 16289.27 MB
Available physical RAM: 14928.5 MB
Total Virtual: 19233.27 MB
Available Virtual: 17964.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.64 GB) (Free:101.17 GB) NTFS
Drive d: (ESD-ISO) (CDROM) (Total:3.96 GB) (Free:0 GB) UDF
Drive e: (TEST33) (Removable) (Total:7.21 GB) (Free:7.14 GB) FAT32
 
\\?\Volume{ea3f1464-2f8a-4ac1-8724-f5c3303fc9e1}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{c95dfd79-f407-442c-9bf9-89560d99220a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
and last but not least the shortcuts log:
 
Users shortcut scan result (x64) Version: 13.03.2018
Ran by JR (13-03-2018 22:15:34)
Running from C:\
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\JR\Links\Desktop.lnk -> C:\Users\JR\Desktop ()
Shortcut: C:\Users\JR\Links\Downloads.lnk -> C:\Users\JR\Downloads ()
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\JR\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\Users\JR\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\JR\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\Users\JR\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================
 
I should stress that I made no modifications to that system except for activating the built-in Administrator account and setting a password for it.
Likewise I have not installed any software, and that MS Win10 x64 Installer DVD I used should not contain any bloatware.
 
Previous attempts using a similar install medium downloaded from Dell.com (the original OS which came with the machine, the only difference is that the drivers and some Dell security and system software are integrated in the installer) as well as a strip-sealed, hologrammed Windows 10 Pro OEM System Builder DVD I purchased from a licensed retailer yielded similar results.
 
One obvious issue is that any disk partitioning made beforehand is not recognized by Windows Setup. I always end up with at least FOUR partitions, including one MS 16MB (MB, not GB) which I believe to contain a compressed image of the malware which then starts a Hypervisor.
 
I have, for that reason, deactivated all virtualization support in the BIOS and unprovisioned the Intel ME. Both the Intel ME firmware as well as the BIOS are protected by adequate passwords (8+). I have also deactivated the TPM as my systems go under more quickly with that activated.
 
One more thing: When one repartitions a HD, one would expect such repartitioned HD to be, well, empty. That is not the case here. As soon as the new partitions are set up, whatever tool I use for partitioning shows there's some data on it. A few 100 MB up to 9 GB, depending on partition size. I can post screenshots if someone wants me to.
 
I also found the following files: d3d9.dll, sspisrv.dll, userenv.dll, mscvr.dll and a setup.cab which seem to indicate the presence of FinFisher or some variant of it.
 
Thanks, Laz


#5 LazarusLong69

  • Topic Starter

Posted 21 March 2018 - 05:21 PM

Hmm...anyone having any idea what to do about it???



#6 Animal

  • Site Admin

Posted 13 April 2018 - 01:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

