Possible wininit.exe infection and multiple winhomt.exe processes


  • This topic is locked
13 replies to this topic

#1 nyprican

Posted 01 March 2018 - 08:35 PM

I've tried every virus scanner to try and remove whatever is infecting my computer but nothing has worked sadly. I've noticed that suddenly there's always 6 processes named winhomt.exe running in task manager when they were never there before. If I try to open the file location of the process it tells me access is denied to the folder named iakrnxu which is located in C:\Users\Matt\AppData\Local.

Also there's an .exe running in task manager named iakrnxu.exe with its description being a print driver? Very desperate and frustrated at this point!

 




 


#2 nyprican


Posted 01 March 2018 - 08:40 PM

It's telling me that the first.txt log is too long to post even on its own so I'm gonna upload it. Here's the addition one

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Matt (01-03-2018 19:20:39)
Running from E:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2018-02-07 00:44:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-850179344-2096929474-2670164669-500 - Administrator - Disabled)
Guest (S-1-5-21-850179344-2096929474-2670164669-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-850179344-2096929474-2670164669-1002 - Limited - Enabled)
Matt (S-1-5-21-850179344-2096929474-2670164669-1000 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-323 - House of Life)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.1.0341 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.1 - Sentelic)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.4 - The GnuPG Project)
Gpg4win (3.0.3) (HKLM-x32\...\Gpg4win) (Version: 3.0.3 - The Gpg4win Project)
Hotkey 2.34.48 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 2.34.48 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Kingdom Come: Deliverance (HKLM-x32\...\Kingdom Come: Deliverance_is1) (Version:  - )
Kodi (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\Kodi) (Version:  - XBMC-Foundation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.800.800.121813 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27044 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7127 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
Registry Finder 2.22 (HKLM\...\{CC3C7E59-8611-4542-8BFD-FFC6759AD0FB}_is1) (Version: 2.22 - Sergey Filippov)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Total War - WARHAMMER II version 1.0 (HKLM\...\Total War - WARHAMMER II_is1) (Version: 1.0 - STEAMPUNKS)
UnHackMe 8.40 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unity Web Player (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-01] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-01-12] (g10 Code GmbH)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-01-12] (g10 Code GmbH)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-01] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {4786FB7A-E17D-4EC7-8208-87C51C9E04C0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {5750A489-E5DB-4E77-A408-FC88D5CCA30F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {5CC95AA3-3F3B-46D4-9EE9-BFFB5FFCB73A} - System32\Tasks\{95C0EA54-681A-4843-91AA-54A2D06D0A89} => C:\Windows\system32\pcalua.exe -a E:\Changzhi\dnplayer2\dnuninst.exe
Task: {79F945D4-B3EE-43EA-8447-70CF286E69AF} - System32\Tasks\SUPERAntiSpyware Scheduled Task 55f33b40-16bf-4b57-af7b-70411b0f2b31 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {87F40D24-F65A-41B7-8BF6-A3F14842EEAA} - System32\Tasks\SUPERAntiSpyware Scheduled Task bfd0be96-7c53-41c2-a065-f31f6f7fb5a6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {BFEFD42F-AC2A-400F-BE98-74D3D8DB30CC} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-11-01] (Greatis Software)
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 55f33b40-16bf-4b57-af7b-70411b0f2b31.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfd0be96-7c53-41c2-a065-f31f6f7fb5a6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-25 16:28 - 2017-08-21 17:10 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-06 18:51 - 2013-11-15 14:38 - 000066048 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2018-02-06 18:54 - 2013-01-25 11:08 - 000089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2018-02-06 18:54 - 2013-01-25 11:06 - 000328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2018-01-22 03:03 - 2018-01-22 03:03 - 000061920 _____ () C:\Program Files\CCleaner\branding.dll
2018-02-28 20:32 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-06 19:20 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-02-06 19:20 - 2018-02-10 14:18 - 001780216 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-02-06 18:54 - 2013-01-25 11:04 - 000248320 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2018-02-06 18:54 - 2013-01-25 11:07 - 000074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2018-02-28 15:44 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-02-28 15:44 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-02-28 15:44 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-02-28 15:44 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-02-06 19:20 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-02-06 19:20 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-02-06 19:20 - 2018-02-06 19:21 - 009817080 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-02-06 19:20 - 2018-02-06 19:21 - 001508344 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-02-06 19:20 - 2018-02-06 19:20 - 000513016 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-02-06 19:20 - 2018-02-06 19:20 - 002662904 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-02-06 19:20 - 2018-02-06 19:21 - 001518072 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-02-06 19:21 - 2018-02-06 19:21 - 002749944 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2018-02-06 18:49 - 2018-02-05 19:28 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\WimMount:$WIMMOUNTDATA [418]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-02-27 09:57 - 000000988 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-850179344-2096929474-2670164669-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-850179344-2096929474-2670164669-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\MattR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => "c:\users\matt\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: fspuip => %ProgramFiles%\FSP\fspuip.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5DC805C0557595B61870599F00CD8033 => "C:\Users\Matt\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MailRuUpdater =>
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FF550E5-DA82-4C1E-8FFF-865320DD0C34}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{620F4C83-5DD9-4ADD-99D5-C2DD2C1F98F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B9208A7C-6E7A-46C1-AC43-2DA3EFB774B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F5DEBBD-B4C0-4A14-8C87-123220A20E61}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7ABE8392-E553-42E6-96F5-6DC2825860EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E6B66DBA-41AF-4291-A571-8DECE9F8D764}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{B7150539-75EF-4F68-AA6F-B0359B70F5C2}E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{61B5B4A4-7852-48B5-8516-003AEA24D32A}E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FCE8A4EE-C601-463F-BB92-3A2711031F58}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [UDP Query User{41964CEE-ED37-4021-B748-302D45A9FF72}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [{D0D12AE1-ADF7-46AD-AA43-ABF2E15E726B}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{01A8AEC2-F896-4F6C-816D-D175A966BF80}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [TCP Query User{69BE1F68-D191-4F31-9E48-C29DEA7BA143}E:\call of duty - black ops\blackops.exe] => (Allow) E:\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{D464D612-943E-47D0-AAB1-6FC4961A0F4E}E:\call of duty - black ops\blackops.exe] => (Allow) E:\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{50C50FF2-B12E-49E4-A167-45713F28A263}E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe
FirewallRules: [UDP Query User{5A3ADA67-A7E5-4C42-8E41-212F4E547515}E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe
FirewallRules: [TCP Query User{ADF65E69-EE2A-415C-BA1F-73EE7BF344B5}E:\call of duty - black ops\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\bgt5launcher.exe
FirewallRules: [UDP Query User{5DE73BDB-FF71-4729-800C-281F9CF5AE06}E:\call of duty - black ops\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\bgt5launcher.exe
FirewallRules: [TCP Query User{349F5438-0289-4D9F-855A-02742C2D5BF6}E:\call of duty - black ops\bgamert5.exe] => (Allow) E:\call of duty - black ops\bgamert5.exe
FirewallRules: [UDP Query User{DD114D18-11EF-4EC1-92B4-D30BBEB46C46}E:\call of duty - black ops\bgamert5.exe] => (Allow) E:\call of duty - black ops\bgamert5.exe
FirewallRules: [TCP Query User{5D4F8CAC-79F0-4702-AAF1-2D84BEBB5462}E:\call of duty - black ops\bgamert5mp.exe] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [UDP Query User{32ADB2D0-6D7C-44F6-8CB9-8D3BF1C8905D}E:\call of duty - black ops\bgamert5mp.exe] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [TCP Query User{0290C91B-D70A-43AC-9665-78E0E9E236AF}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [UDP Query User{E12E2DE5-C43C-4EE8-A330-FD532804F391}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{E15A1C2A-4744-4CEE-8C6E-E81EE1C7E4D9}] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{E3BE9FCD-8D05-4A43-A14F-622E2397EA6F}] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{F265F870-1A9B-40BF-990B-EBF01FA36BBB}] => (Allow) E:\oldSteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{36BC79D5-ADE1-438A-AE01-2617504F79DA}] => (Allow) E:\oldSteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{31F6F453-35E1-4624-BA09-41E0F0683DD3}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{F44372F1-9710-4FDF-A2B0-653D77A7F4C7}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{66CC2052-049B-4F31-BB87-F560E8AF58F3}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [{F6502A1E-D22C-4867-AE36-2101D4224F85}] => (Block) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [{4507B61D-E995-4CF2-83DF-36D946B741F7}] => (Block) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [TCP Query User{590FD703-08E7-4FFF-AFEE-E06635217B34}E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{1A8579CB-D6CC-4399-844A-55FBD5302CBA}E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{8396D507-F58B-4D19-A513-8FBAC8F94783}] => (Block) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{A5380358-C8F5-4CCD-91E6-8DF80A0F965B}] => (Block) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{47526109-2D93-45D5-AB98-6BE0F3629B53}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{CAAF31EE-4EB0-41D3-A3E5-C9E9E3F8605D}] => (Allow) C:\Users\Matt\AppData\Local\UXTbicptyAe.exe
FirewallRules: [{09D069E2-F3FC-416C-963E-470188852B6C}] => (Allow) C:\Users\Matt\AGETOwRhWpl.exe
FirewallRules: [{CAAB00DC-5BDC-429D-B28A-6FBBB863927C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{152CB6D3-99EA-42DD-9EF8-3CB8F7ECBF29}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{EBE1070C-3266-434B-879C-39EB88500BC0}] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [{D477EC1E-B16B-4CF4-89C3-634BA91EE041}] => (Block) E:\oldSteamLibrary\steamapps\common\Kingdom Come - Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{79868BCC-A9E9-4FD3-AF4A-4A5A187D040A}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{3883853D-0A44-426B-B3BA-50BAA34F7322}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

01-03-2018 10:22:22 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2018 06:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devicecontrol.exe, version: 0.0.0.0, time stamp: 0x5309a791
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1b30
Faulting application start time: 0x01d3b1bb4d3f1a14
Faulting application path: C:\Program Files (x86)\Hotkey\devicecontrol.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 8b2eb10b-1dae-11e8-a98c-6c71d9ddf2e2

Error: (03/01/2018 06:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 06:10:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 10:46:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 10:33:32 AM) (Source: MsiInstaller) (EventID: 11719) (User: Matt-PC)
Description: Product: ESET Security -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/01/2018 09:34:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 09:21:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/28/2018 09:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devicecontrol.exe, version: 0.0.0.0, time stamp: 0x5309a791
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1688
Faulting application start time: 0x01d3b10974337cae
Faulting application path: C:\Program Files (x86)\Hotkey\devicecontrol.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: b27133ac-1cfc-11e8-8508-6c71d9ddf2e2


System errors:
=============
Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================

Date: 2018-02-28 20:51:34.311
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.278
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.252
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.202
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.175
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.147
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:33.976
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDD2RC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:33.948
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDD2RC.rc because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 12238.51 MB
Available physical RAM: 8554.57 MB
Total Virtual: 24475.19 MB
Available Virtual: 20463.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.79 GB) (Free:40.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Storage) (Fixed) (Total:14.33 GB) (Free:13.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Storage) (Fixed) (Total:679.08 GB) (Free:187.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (New Volume) (Fixed) (Total:5.22 GB) (Free:5.13 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: EF7B039F)
Partition 1: (Active) - (Size=679.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: EF7B0387)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files

  • Attached File  FRST.txt   230.7KB   4 downloads


#3 JSntgRvr

Malware Response Team
Posted 01 March 2018 - 09:34 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 
 
The computer is infected with a variant of the Smart Service Rootkit.
 
You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:

  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

Once in the Command Prompt:

  • Insert the USB drive containing FRST64 and the Fixlist
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button.
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 nyprican


Posted 01 March 2018 - 10:18 PM

OK, here are the logs from the recovery console. The frst.txt was once again too large to paste, so I'll have to upload it, but I'll paste the fixlog.txt.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by SYSTEM (01-03-2018 21:10:05) Run:1
Running from h:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
2009-07-13 19:14 - 2009-07-13 19:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Matt\AGETOwRhWpl.exe
2018-02-12 23:31 - 2018-02-12 23:31 - 000000068 _____ () C:\Users\Matt\AppData\Roaming\changzhi_leidian.data
2018-02-16 13:17 - 2018-02-16 13:17 - 000000068 _____ () C:\Users\Matt\AppData\Roaming\changzhi_mplayer.data
2009-07-13 19:14 - 2009-07-13 19:14 - 000186368 ____N (Microsoft Corporation) C:\Users\Matt\AppData\Roaming\GyRtcNyOuFT.exe
2018-02-18 00:00 - 2018-02-18 00:00 - 000000043 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2018-02-06 18:53 - 2018-03-01 15:51 - 000421784 _____ () C:\Users\Matt\AppData\Local\BTServer.log
2018-02-23 19:51 - 2018-02-23 19:51 - 000003711 _____ () C:\Users\Matt\AppData\Local\recently-used.xbel
2009-07-13 19:14 - 2009-07-13 19:14 - 000073216 ____N (Microsoft Corporation) C:\Users\Matt\AppData\Local\UXTbicptyAe.exe
2018-02-19 15:02 - 2018-02-19 15:02 - 000000002 _____ () C:\Users\Matt\AppData\Local\WMI.ini
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
URLSearchHook: [S-1-5-21-850179344-2096929474-2670164669-1003_classes] ATTENTION => Default URLSearchHook is missing
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet\Services\owksdrep /f
C:\Windows\system32\drivers\nisnqtxa.sys
R3 dgjnqt; system32\drivers\jnqtwa.sys [X]
S4 MBAMSwissArmy; System32\Drivers\mbamswissarmy.sys [X]
S3 mmpppt; system32\drivers\ggjjjm.sys [X]
C:\Users\Matt\AppData\Local\usbexaz
2018-02-22 20:07 - 2018-03-01 19:18 - 000000000 ____D C:\Users\Matt\AppData\Local\iakrnxu
2018-02-22 20:07 - 2018-02-23 15:39 - 000000000 ____D C:\Users\Matt\AppData\Roaming\1y30g3aoi2y
2018-02-22 20:07 - 2018-02-22 20:15 - 000000000 ____D C:\Users\Matt\AppData\Local\reistdw
2018-02-22 20:07 - 2018-02-22 20:09 - 000000000 ____D C:\Users\Matt\AppData\Local\78673d65c8d345b39f72c70870991717
2018-02-22 20:07 - 2018-02-22 20:09 - 000000000 ____D C:\Users\Matt\AppData\Local\51b109b9ba8940edb943dd7aa1e60008
2018-02-22 20:06 - 2018-03-01 18:12 - 002888704 _____ (TOSHIBA CORPORATION) C:\Windows\system32\serxzpwsvc.exe
2018-02-22 20:06 - 2018-03-01 10:40 - 000000000 ____D C:\Program Files (x86)\ezmsgtlqcdw
2018-02-22 20:06 - 2018-02-22 20:06 - 000000000 ____D C:\Windows\SysWOW64\sccreib
2018-02-22 20:06 - 2018-02-22 20:06 - 000000000 ____D C:\Windows\system32\sccreib
2018-02-22 20:06 - 2018-02-22 20:06 - 000000000 ____D C:\Users\Matt\AppData\Roaming\et
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3-x32: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Matt\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot"
2018-02-06 19:20 - 2018-02-06 19:20 - 000000000 ____D C:\Users\Matt\AppData\Local\SquirrelTemp

*****************

C:\Users\Matt\AGETOwRhWpl.exe => moved successfully
C:\Users\Matt\AppData\Roaming\changzhi_leidian.data => moved successfully
C:\Users\Matt\AppData\Roaming\changzhi_mplayer.data => moved successfully
C:\Users\Matt\AppData\Roaming\GyRtcNyOuFT.exe => moved successfully
C:\Users\Matt\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Matt\AppData\Local\BTServer.log => moved successfully
C:\Users\Matt\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Matt\AppData\Local\UXTbicptyAe.exe => moved successfully
C:\Users\Matt\AppData\Local\WMI.ini => moved successfully
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\GroupPolicy\User => moved successfully
URLSearchHook: [S-1-5-21-850179344-2096929474-2670164669-1003_classes] ATTENTION => Default URLSearchHook is missing => Error: The entry should be fixed outside recovery mode.

========= Reg delete HKLM\SYSTEM\CurrentControlSet\Services\owksdrep /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

"C:\Windows\system32\drivers\nisnqtxa.sys" => not found
dgjnqt => service not found.
"HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
mmpppt => service not found.
C:\Users\Matt\AppData\Local\usbexaz => moved successfully
C:\Users\Matt\AppData\Local\iakrnxu => moved successfully
C:\Users\Matt\AppData\Roaming\1y30g3aoi2y => moved successfully
C:\Users\Matt\AppData\Local\reistdw => moved successfully
C:\Users\Matt\AppData\Local\78673d65c8d345b39f72c70870991717 => moved successfully
C:\Users\Matt\AppData\Local\51b109b9ba8940edb943dd7aa1e60008 => moved successfully
C:\Windows\system32\serxzpwsvc.exe => moved successfully
C:\Program Files (x86)\ezmsgtlqcdw => moved successfully
C:\Windows\SysWOW64\sccreib => moved successfully
C:\Windows\system32\sccreib => moved successfully
C:\Users\Matt\AppData\Roaming\et => moved successfully
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File] => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] => Error: The entry should be fixed outside recovery mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => removed successfully
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot" => Error: The entry should be fixed outside recovery mode.
C:\Users\Matt\AppData\Local\SquirrelTemp => moved successfully

==== End of Fixlog 21:10:13 ====

Attached Files

  • Attached File  FRST.txt   218.1KB   2 downloads
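One way to triage the result lines of a Fixlog like the one posted above, as an added example (not part of the thread and not FRST's own code): it sorts each `=> outcome` line into done, absent or deferred, so the entries that reported "should be fixed outside recovery mode" can be rechecked against the normal-mode scan. The outcome phrases are taken only from the lines visible in this post, the sample is a subset of those lines, and the function names are hypothetical.

```python
"""Triage the result section of an FRST Fixlog (added example, hypothetical helper names)."""

# Sample: result lines copied from the Fixlog pasted in the post above (subset).
SAMPLE_FIXLOG = r'''
C:\Users\Matt\AGETOwRhWpl.exe => moved successfully
C:\Users\Matt\AppData\Local\iakrnxu => moved successfully
URLSearchHook: [S-1-5-21-850179344-2096929474-2670164669-1003_classes] ATTENTION => Default URLSearchHook is missing => Error: The entry should be fixed outside recovery mode.

========= Reg delete HKLM\SYSTEM\CurrentControlSet\Services\owksdrep /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

"C:\Windows\system32\drivers\nisnqtxa.sys" => not found
dgjnqt => service not found.
"HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File] => Error: The entry should be fixed outside recovery mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.

==== End of Fixlog 21:10:13 ====
'''

DONE, ABSENT, DEFERRED, ERROR, UNKNOWN = "done", "absent", "deferred", "error", "unknown"


def classify(outcome):
    """Map the text after the last ' => ' to a triage bucket.

    Assumption: only the outcome phrases seen in this thread are recognised;
    anything else lands in 'unknown' so it is reviewed by hand.
    """
    o = outcome.lower()
    if "outside recovery mode" in o:
        return DEFERRED          # must be repeated from Normal Mode
    if "not found" in o:
        return ABSENT            # target was already gone or never existed
    if "successfully" in o or o.rstrip(".").endswith("removed"):
        return DONE              # moved to quarantine or deleted
    return UNKNOWN


def triage_fixlog(text):
    """Return {bucket: [target, ...]} for every result line in a Fixlog."""
    buckets = {k: [] for k in (DONE, ABSENT, DEFERRED, ERROR, UNKNOWN)}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ERROR:"):
            # Output of an embedded command (here: Reg delete), kept verbatim.
            buckets[ERROR].append(line)
            continue
        # A fixlist entry may itself contain ' => ', so split on the LAST one.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue             # header or separator line
        buckets[classify(outcome)].append(target.strip().strip('"'))
    return buckets


def followup_in_normal_mode(text):
    """Deferred entries, de-duplicated in log order (the fixlist lists some twice)."""
    return list(dict.fromkeys(triage_fixlog(text)[DEFERRED]))


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    for bucket, items in result.items():
        print(f"{bucket:9} {len(items)}")
    print("Recheck after the normal-mode scan:")
    for entry in followup_in_normal_mode(SAMPLE_FIXLOG):
        print("  ", entry)
```
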


#5 nyprican


Posted 01 March 2018 - 10:20 PM

Here are the log files produced from normal mode. Once again the frst.txt is too large. I'll paste the additional.txt though.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Matt (01-03-2018 21:14:55)
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) (2018-02-07 00:44:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-850179344-2096929474-2670164669-500 - Administrator - Disabled)
Guest (S-1-5-21-850179344-2096929474-2670164669-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-850179344-2096929474-2670164669-1002 - Limited - Enabled)
Matt (S-1-5-21-850179344-2096929474-2670164669-1000 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
BitLord 2.5 (HKLM-x32\...\BitLord) (Version: 2.4.5-323 - House of Life)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.74.1828 - BlueStack Systems, Inc.)
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.1.0341 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\Discord) (Version: 0.0.300 - Discord Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.1 - Sentelic)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.4 - The GnuPG Project)
Gpg4win (3.0.3) (HKLM-x32\...\Gpg4win) (Version: 3.0.3 - The Gpg4win Project)
Hotkey 2.34.48 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 2.34.48 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Kingdom Come: Deliverance (HKLM-x32\...\Kingdom Come: Deliverance_is1) (Version:  - )
Kodi (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\Kodi) (Version:  - XBMC-Foundation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.800.800.121813 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27044 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7127 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
Registry Finder 2.22 (HKLM\...\{CC3C7E59-8611-4542-8BFD-FFC6759AD0FB}_is1) (Version: 2.22 - Sergey Filippov)
RivaTuner Statistics Server 7.0.2 (HKLM-x32\...\RTSS) (Version: 7.0.2 - Unwinder)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Total War - WARHAMMER II version 1.0 (HKLM\...\Total War - WARHAMMER II_is1) (Version: 1.0 - STEAMPUNKS)
UnHackMe 8.40 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Unity Web Player (HKU\S-1-5-21-850179344-2096929474-2670164669-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-850179344-2096929474-2670164669-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-01] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-01-12] (g10 Code GmbH)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-01-12] (g10 Code GmbH)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-01] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {4786FB7A-E17D-4EC7-8208-87C51C9E04C0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {5750A489-E5DB-4E77-A408-FC88D5CCA30F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {5CC95AA3-3F3B-46D4-9EE9-BFFB5FFCB73A} - System32\Tasks\{95C0EA54-681A-4843-91AA-54A2D06D0A89} => C:\Windows\system32\pcalua.exe -a E:\Changzhi\dnplayer2\dnuninst.exe
Task: {79F945D4-B3EE-43EA-8447-70CF286E69AF} - System32\Tasks\SUPERAntiSpyware Scheduled Task 55f33b40-16bf-4b57-af7b-70411b0f2b31 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {87F40D24-F65A-41B7-8BF6-A3F14842EEAA} - System32\Tasks\SUPERAntiSpyware Scheduled Task bfd0be96-7c53-41c2-a065-f31f6f7fb5a6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {BFEFD42F-AC2A-400F-BE98-74D3D8DB30CC} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-11-01] (Greatis Software)
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 55f33b40-16bf-4b57-af7b-70411b0f2b31.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bfd0be96-7c53-41c2-a065-f31f6f7fb5a6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-06 18:51 - 2013-11-15 14:38 - 000066048 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2018-02-06 18:54 - 2013-01-25 11:08 - 000089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2018-02-06 18:54 - 2013-01-25 11:06 - 000328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2018-02-06 18:51 - 2013-05-29 10:41 - 000265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2018-02-28 15:44 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-02-28 15:44 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-02-28 15:44 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-02-28 15:44 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-02-06 19:20 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-02-06 19:20 - 2018-02-10 14:18 - 001780216 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-02-06 18:54 - 2013-01-25 11:04 - 000248320 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2018-02-06 18:54 - 2013-01-25 11:07 - 000074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2018-02-06 19:20 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-02-06 19:20 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\Matt\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-02-06 19:20 - 2018-02-06 19:21 - 009817080 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-02-06 19:20 - 2018-02-06 19:21 - 001508344 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-02-06 19:20 - 2018-02-06 19:20 - 000513016 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-02-06 19:20 - 2018-02-06 19:20 - 002662904 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-02-06 19:20 - 2018-02-06 19:21 - 001518072 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-02-06 19:21 - 2018-02-06 19:21 - 002749944 _____ () \\?\C:\Users\Matt\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
2018-02-06 18:49 - 2018-02-05 19:28 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\WimMount:$WIMMOUNTDATA [418]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-02-27 09:57 - 000000988 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-850179344-2096929474-2670164669-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => "c:\users\matt\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: fspuip => %ProgramFiles%\FSP\fspuip.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5DC805C0557595B61870599F00CD8033 => "C:\Users\Matt\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MailRuUpdater =>
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4FF550E5-DA82-4C1E-8FFF-865320DD0C34}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{620F4C83-5DD9-4ADD-99D5-C2DD2C1F98F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B9208A7C-6E7A-46C1-AC43-2DA3EFB774B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F5DEBBD-B4C0-4A14-8C87-123220A20E61}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7ABE8392-E553-42E6-96F5-6DC2825860EE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E6B66DBA-41AF-4291-A571-8DECE9F8D764}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{B7150539-75EF-4F68-AA6F-B0359B70F5C2}E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{61B5B4A4-7852-48B5-8516-003AEA24D32A}E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FCE8A4EE-C601-463F-BB92-3A2711031F58}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [UDP Query User{41964CEE-ED37-4021-B748-302D45A9FF72}C:\program files (x86)\gnupg\bin\dirmngr.exe] => (Allow) C:\program files (x86)\gnupg\bin\dirmngr.exe
FirewallRules: [{D0D12AE1-ADF7-46AD-AA43-ABF2E15E726B}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{01A8AEC2-F896-4F6C-816D-D175A966BF80}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [TCP Query User{69BE1F68-D191-4F31-9E48-C29DEA7BA143}E:\call of duty - black ops\blackops.exe] => (Allow) E:\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{D464D612-943E-47D0-AAB1-6FC4961A0F4E}E:\call of duty - black ops\blackops.exe] => (Allow) E:\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{50C50FF2-B12E-49E4-A167-45713F28A263}E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe
FirewallRules: [UDP Query User{5A3ADA67-A7E5-4C42-8E41-212F4E547515}E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\nodvd\bgamert5\bgt5launcher.exe
FirewallRules: [TCP Query User{ADF65E69-EE2A-415C-BA1F-73EE7BF344B5}E:\call of duty - black ops\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\bgt5launcher.exe
FirewallRules: [UDP Query User{5DE73BDB-FF71-4729-800C-281F9CF5AE06}E:\call of duty - black ops\bgt5launcher.exe] => (Allow) E:\call of duty - black ops\bgt5launcher.exe
FirewallRules: [TCP Query User{349F5438-0289-4D9F-855A-02742C2D5BF6}E:\call of duty - black ops\bgamert5.exe] => (Allow) E:\call of duty - black ops\bgamert5.exe
FirewallRules: [UDP Query User{DD114D18-11EF-4EC1-92B4-D30BBEB46C46}E:\call of duty - black ops\bgamert5.exe] => (Allow) E:\call of duty - black ops\bgamert5.exe
FirewallRules: [TCP Query User{5D4F8CAC-79F0-4702-AAF1-2D84BEBB5462}E:\call of duty - black ops\bgamert5mp.exe] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [UDP Query User{32ADB2D0-6D7C-44F6-8CB9-8D3BF1C8905D}E:\call of duty - black ops\bgamert5mp.exe] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [TCP Query User{0290C91B-D70A-43AC-9665-78E0E9E236AF}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [UDP Query User{E12E2DE5-C43C-4EE8-A330-FD532804F391}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{E15A1C2A-4744-4CEE-8C6E-E81EE1C7E4D9}] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{E3BE9FCD-8D05-4A43-A14F-622E2397EA6F}] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe
FirewallRules: [{F265F870-1A9B-40BF-990B-EBF01FA36BBB}] => (Allow) E:\oldSteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{36BC79D5-ADE1-438A-AE01-2617504F79DA}] => (Allow) E:\oldSteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{31F6F453-35E1-4624-BA09-41E0F0683DD3}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{F44372F1-9710-4FDF-A2B0-653D77A7F4C7}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [UDP Query User{66CC2052-049B-4F31-BB87-F560E8AF58F3}E:\total war - warhammer ii\warhammer2.exe] => (Allow) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [{F6502A1E-D22C-4867-AE36-2101D4224F85}] => (Block) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [{4507B61D-E995-4CF2-83DF-36D946B741F7}] => (Block) E:\total war - warhammer ii\warhammer2.exe
FirewallRules: [TCP Query User{590FD703-08E7-4FFF-AFEE-E06635217B34}E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{1A8579CB-D6CC-4399-844A-55FBD5302CBA}E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe] => (Allow) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{8396D507-F58B-4D19-A513-8FBAC8F94783}] => (Block) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{A5380358-C8F5-4CCD-91E6-8DF80A0F965B}] => (Block) E:\oldsteamlibrary\steamapps\common\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{47526109-2D93-45D5-AB98-6BE0F3629B53}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{CAAF31EE-4EB0-41D3-A3E5-C9E9E3F8605D}] => (Allow) C:\Users\Matt\AppData\Local\UXTbicptyAe.exe
FirewallRules: [{09D069E2-F3FC-416C-963E-470188852B6C}] => (Allow) C:\Users\Matt\AGETOwRhWpl.exe
FirewallRules: [{CAAB00DC-5BDC-429D-B28A-6FBBB863927C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{152CB6D3-99EA-42DD-9EF8-3CB8F7ECBF29}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{EBE1070C-3266-434B-879C-39EB88500BC0}] => (Allow) E:\call of duty - black ops\bgamert5mp.exe
FirewallRules: [{D477EC1E-B16B-4CF4-89C3-634BA91EE041}] => (Block) E:\oldSteamLibrary\steamapps\common\Kingdom Come - Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{79868BCC-A9E9-4FD3-AF4A-4A5A187D040A}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
FirewallRules: [{3883853D-0A44-426B-B3BA-50BAA34F7322}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

01-03-2018 10:22:22 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2018 09:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 06:13:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devicecontrol.exe, version: 0.0.0.0, time stamp: 0x5309a791
Faulting module name: ntdll.dll, version: 6.1.7601.24024, time stamp: 0x5a58e571
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x1b30
Faulting application start time: 0x01d3b1bb4d3f1a14
Faulting application path: C:\Program Files (x86)\Hotkey\devicecontrol.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 8b2eb10b-1dae-11e8-a98c-6c71d9ddf2e2

Error: (03/01/2018 06:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 06:10:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 10:46:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 10:33:32 AM) (Source: MsiInstaller) (EventID: 11719) (User: Matt-PC)
Description: Product: ESET Security -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (03/01/2018 09:34:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/01/2018 09:21:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/01/2018 07:10:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================

Date: 2018-02-28 20:51:34.311
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.278
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.252
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.202
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.175
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:34.147
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDDRC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:33.976
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDD2RC.rc because the set of per-page image hashes could not be found on the system.

Date: 2018-02-28 20:51:33.948
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\dnplayerext2\LdBoxDD2RC.rc because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 21%
Total physical RAM: 12238.51 MB
Available physical RAM: 9556.84 MB
Total Virtual: 24475.19 MB
Available Virtual: 21623.37 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.79 GB) (Free:40.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Storage) (Fixed) (Total:14.33 GB) (Free:13.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Storage) (Fixed) (Total:679.08 GB) (Free:187.09 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (New Volume) (Fixed) (Total:5.22 GB) (Free:5.13 GB) NTFS
Drive h: (ADATA UFD) (Removable) (Total:3.76 GB) (Free:3.67 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: EF7B039F)
Partition 1: (Active) - (Size=679.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=14.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: EF7B0387)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

Attached Files

  • Attached File  FRST.txt   226.51KB   3 downloads


#6 JSntgRvr

Posted 02 March 2018 - 01:04 PM

Nice going.

  • Highlight the entire content of the quote box below.

Start::  
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot"
Folder: C:\Program Files (x86)\Temp
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Please update and perform a scan with Malwarebytes antimalware

  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg

  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected items and click on "Quarantine Selected".
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.




#7 nyprican

Posted 02 March 2018 - 01:31 PM

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by Matt (02-03-2018 12:26:08) Run:3
Running from H:\
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {34CBC96C-451E-4118-B06B-8F9409BDF87F} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {9ACF8DDF-E761-45B1-919F-C89B8441B3ED} - \{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton -> No File <==== ATTENTION
Task: {F7D0210C-178D-4B3F-908A-AF0D03D6B518} - System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot\SDPESetup.exe" -d "C:\Users\Matt\Downloads\Spybot - Search & Destroy v2.4.40 +AV [Technician Edition] Portable\Your Apps Here\Your Apps Here\App\Spybot"
Folder: C:\Program Files (x86)\Temp
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34CBC96C-451E-4118-B06B-8F9409BDF87F} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34CBC96C-451E-4118-B06B-8F9409BDF87F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7D0210C-178D-4B3F-908A-AF0D03D6B518} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7D0210C-178D-4B3F-908A-AF0D03D6B518} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C} => could not remove key. ErrorCode1: 0x00000002

========================= Folder: C:\Program Files (x86)\Temp ========================


====== End of Folder: ======


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
luafv                 C:                                      135000       luafv                    0    
ZAM                   \Device\Mup                              80681       ZAMDefaultFilter         0    
ZAM                   E:                                       80681       ZAMDefaultFilter         0    
ZAM                   D:                                       80681       ZAMDefaultFilter         0    
ZAM                   C:                                       80681       ZAMDefaultFilter         0    
ZAM                   G:                                       80681       ZAMDefaultFilter         0    
ZAM                   \Device\HarddiskVolumeShadowCopy46       80681       ZAMDefaultFilter         0    
ZAM                   \Device\HarddiskVolumeShadowCopy52       80681       ZAMDefaultFilter         0    
ZAM                   \Device\HarddiskVolumeShadowCopy54       80681       ZAMDefaultFilter         0    
ZAM                   \Device\HarddiskVolumeShadowCopy55       80681       ZAMDefaultFilter         0    
ZAM                   \Device\HarddiskVolumeShadowCopy56       80681       ZAMDefaultFilter         0    
ZAM                   H:                                       80681       ZAMDefaultFilter         0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              E:                                       45000       FileInfo                 0    
FileInfo              D:                                       45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              G:                                       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy46       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy52       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy54       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy55       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolumeShadowCopy56       45000       FileInfo                 0    
FileInfo              H:                                       45000       FileInfo                 0    

========= End of CMD: =========


========================= Folder: C:\Windows\System32\Drivers ========================

2018-02-08 18:59 - 2017-12-31 20:21 - 000948968 ____A [261F27367EB6EA6478B940811F0A6F03] (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2009-07-13 18:08 - 2009-07-13 18:08 - 000035328 ____A [9F9A1F53AAD7DA4D6FEF5BB73AB811AC] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2018-02-08 18:59 - 2017-12-31 19:55 - 000024064 ____A [3F217F77899654833B650ED6A1372BE4] (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000056832 ____A [136185F9FB2CC61E573E676AA5402356] (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000164352 ____A [53F7305169863F0A2BDDC49E116C2E11] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2018-02-08 18:59 - 2017-12-31 19:55 - 000058368 ____A [E46AF308E96F7730F59B0F250A884CD6] (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2018-02-08 18:59 - 2017-12-31 19:55 - 000045056 ____A [2E19EB10185992AB08BC3688AACA4CE2] (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2018-02-07 11:27 - 2017-08-11 00:00 - 000262656 ____A [734837208CAFD6E0959A7A0333C95C9D] (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2018-02-13 12:33 - 2018-01-12 10:44 - 000377064 ____A [617EF17748C1B7B9F5A6D767340FB74F] (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2009-07-13 15:59 - 2009-07-13 19:48 - 000051264 ____A [77889813BE4D166CDAB78DDBA990DA92] (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2009-07-13 17:19 - 2009-07-13 17:19 - 000044032 ____A [1E4C4AB5C9B8DD13179BBDC75A2A01F7] (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2018-02-07 11:27 - 2017-08-10 23:58 - 000026112 ____A [BE313E566EEA2A4B7F9AAC9782A567D4] (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2018-02-08 18:59 - 2017-12-31 20:21 - 001680616 ____A [A97B92D11270695B15C3663BCCB737D3] (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2009-07-13 17:19 - 2009-07-13 17:19 - 000006144 ____A [9899284589F75FA8724FF3D16AED75C1] (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2009-07-13 17:38 - 2009-07-13 19:48 - 000122960 ____A [270D7CD42D6E3979F6DD0146650F0E05] (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2018-02-25 16:27 - 2017-08-21 18:40 - 000218712 ____A [4938CCA6E12A7FDA5324FFF0DF5DB8EC] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2018-02-25 16:27 - 2017-08-21 18:40 - 015409088 ____A [46B849ABC3798B98AA248166B6666D8C] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2018-02-11 13:05 - 2011-03-11 00:41 - 000148352 ____A [0A92CB65770442ED0DC44834632F66AD] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2018-02-11 13:05 - 2011-03-11 00:41 - 000166272 ____A [DAB0E87525C10052BF65F06152F37E4A] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2018-02-07 11:27 - 2017-09-13 09:05 - 000324608 ____A [9FB2A095B1166CB3C9A06651863B3452] (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2009-07-13 18:06 - 2009-07-13 18:06 - 000072832 ____A [3589478E4B22CE21B41FA1BFC0B8B8A0] (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2018-02-08 18:59 - 2017-12-31 19:55 - 000131584 ____A [4CE827A5433451551E99C2C1D20E4A43] (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2009-07-13 18:00 - 2009-07-13 18:00 - 000097280 ____A [0086431C29C35BE1DBC43F52CC273887] (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2018-02-07 11:26 - 2012-03-17 01:58 - 000075120 ____A [E9766131EEADE40A27DC27D2D68FBA9C] (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000184704 ____A [94575C0571D1462A0F70BDE6BD6EE6B3] (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000012352 ____A [B5B8B5EF2E5CB34DF8DCF8831E3534FA] (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000048720 ____A [144497DAA145BA0F7BE896064146C058] (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2009-07-13 17:31 - 2009-07-13 19:45 - 000220752 ____A [B2E81D4E87CE48589F98CB8C05B01F2F] (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000050768 ____A [D6B9C2E1A11A3A4B26A182FFEF18F603] (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2018-02-07 11:27 - 2016-06-14 11:11 - 000663552 ____A [EA4D67448BE493D543F1730D6CD04694] (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2018-02-07 11:26 - 2015-12-08 12:12 - 000230400 ____A [647599CAE8CA0EF2FB09C4B150BC97FF] (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2009-07-13 17:19 - 2009-07-13 17:19 - 000060416 ____A [0D922E23C041EFB1C3FAC2A6F943C9BF] (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2009-06-10 14:37 - 2009-07-13 19:45 - 001524816 ____A [A53A15A11EBFD21077463EE2C7AFEEF0] (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2009-07-13 15:59 - 2009-07-13 19:45 - 000128592 ____A [4F6D12B51DE1AAEFF7DC58C4D75423C8] (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2009-07-13 18:09 - 2009-07-13 18:09 - 000046592 ____A [76707BB36430888D9CE9D705398ADB6C] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2009-07-13 18:10 - 2009-07-13 18:10 - 000014848 ____A [5A0DA8AD5762FA2D91678A8A01311704] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000129536 ____A [471815800AE33E6F1C32FB1B97C490CA] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2009-07-13 18:10 - 2009-07-13 18:10 - 000092672 ____A [855C9B1CD4756C5E9A2AA58A15F58C25] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000111104 ____A [F92A2C41117A11A00BE01CA01A7FCDE9] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2009-07-13 18:10 - 2009-07-13 18:10 - 000083968 ____A [E8B1E447B008D07FF47D016C2B0EEECB] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2018-02-07 11:27 - 2017-10-11 18:20 - 000317440 ____A [FB45727105E27756B3252572A138FA19] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2009-07-13 18:17 - 2009-07-13 18:17 - 000024064 ____A [302DA2A0539F2CF54D7C6CC30C1F2D8D] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2009-07-13 18:16 - 2009-07-13 18:16 - 000007680 ____A [CEA6CC257FC9B7715F1C2B4849286D24] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2009-07-13 18:16 - 2009-07-13 18:16 - 000007680 ____A [BB5971A4F00659529A5C44831AF22365] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2009-07-13 18:16 - 2009-07-13 18:16 - 000008192 ____A [216F3FA57533D98E1F74DED70113177A] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2018-02-25 02:39 - 2018-02-25 02:39 - 000019456 ____A [313F68E1A3E6345A4F47A36B07062F34] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2018-02-07 11:25 - 2014-07-16 19:21 - 000212480 ____A [FE571E088C2D83619D2D48D4E961BF41] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2018-02-08 18:59 - 2017-12-31 20:21 - 000213736 ____A [F4287A980C0AA41DE3073F053E5EA73C] (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2009-07-13 18:06 - 2009-07-13 18:06 - 000158720 ____A [3DD798846E2C28102B922C56E71B7932] (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2018-02-07 11:26 - 2015-11-05 03:53 - 000146944 ____A [5BD6B1EC997FF3DD779D62E05D2079A8] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2018-02-11 13:11 - 2012-07-04 14:26 - 000041472 ____A [0E01641D96889BDEB22DE12D30575B08] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2009-07-13 18:10 - 2009-07-13 18:10 - 000011264 ____A [388D3DD1A6457280F3BADBA9F3ACD6B1] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2009-07-13 18:08 - 2009-07-13 18:08 - 000076800 ____A [DDC86E4F8E7456261E637E3552E804FF] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2018-02-06 23:07 - 2018-02-06 23:07 - 001077696 ____A [30DAF1EFE41A34AF1D442DDD3A6F7633] (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2018-02-06 18:52 - 2013-12-31 10:44 - 000710621 ____A [824F4C610521AF41EB2009211E5F04F4] () C:\Windows\System32\Drivers\RTAIODAT.DAT
2018-02-06 23:07 - 2018-02-06 23:07 - 000718080 ____A [40DD2DDE8EA1B2A251009FF1A2701A5A] (Realtek Semiconductor Corporation) C:\Windows\System32\Drivers\RtkBtfilter.sys
2018-02-06 18:52 - 2013-12-31 11:27 - 003801176 ____A [BA97BCF2138C7667FCFEF10DFF2ABECF] (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2018-02-06 23:08 - 2018-02-06 23:08 - 000040263 ____A [5EE02F82614AFDEA5BD5097202B220FD] () C:\Windows\System32\Drivers\rtldata.txt
2018-02-06 23:07 - 2018-02-06 23:07 - 000338400 ____A [F07BD0EDE5484C7FCACF09DCA8C2C5CE] (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtsBaStor.sys
2018-02-06 23:08 - 2018-02-06 23:08 - 007577968 ____A [795803541DEA26F8911D4906BD1B6E93] (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\rtwlane.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000103808 ____A [AC03AF3329579FFFB455AA2DAABBE22B] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000029696 ____A [253F38D0D7074C02FF8DEB9836C97D2B] (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000171392 ____A [1B1E264203D4EF9D3DA1987AD70355AB] (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2009-07-13 20:36 - 2009-06-10 14:37 - 000023040 ____A [3EA8A16169C26AFBEB544E0E48421186] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2009-07-13 18:00 - 2009-07-13 18:00 - 000023552 ____A [CB624C0035412AF0DEBEC78C41F5CA1B] (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2009-07-13 18:00 - 2009-07-13 18:00 - 000094208 ____A [C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] (Brother Industries Ltd.) C:\Windows\System32\Drivers\serial.sys
2009-07-13 18:00 - 2009-07-13 18:00 - 000026624 ____A [1C545A7D0691CC4A027396535691C3E3] (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2009-07-13 18:01 - 2009-07-13 18:01 - 000014336 ____A [A554811BCD09279536440C964AE35BBF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2009-07-13 18:01 - 2009-07-13 18:01 - 000013824 ____A [FF414F0BAEFEBA59BC6C04B3DB0B87BF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000014336 ____A [DD85B78243A19B59F0637DCF284DA63C] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2009-07-13 18:01 - 2009-07-13 18:01 - 000016896 ____A [A9D601643A1647211A1EE2EC4E433FF4] (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2009-06-10 14:37 - 2009-07-13 19:45 - 000043584 ____A [843CAF1E5FDE1FFD5FF768F23A51E2E1] (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2009-07-13 15:59 - 2009-07-13 19:45 - 000080464 ____A [6A6C106D42E9FFFF8B9FCB4F754F6DA4] (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2009-07-13 18:09 - 2009-07-13 18:09 - 000093184 ____A [548260A7B8654E024DC30BF8A7C5BAA4] (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2018-02-06 23:06 - 2018-02-06 23:06 - 000051808 ____A [D4D4DC7B52E9C02274F3C7534BD679F9] (Synaptics Incorporated) C:\Windows\System32\Drivers\Smb_driver_Intel.sys
2009-07-13 18:00 - 2009-07-13 18:00 - 000020992 ____A [A80348BA03E96C70852959655CA3E084] (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2009-07-13 14:27 - 2009-07-13 19:45 - 000019008 ____A [B9E31E5CACDFE584F34F730A677803F9] (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2009-06-10 14:48 - 2009-06-10 14:48 - 000426496 ____A [FFF95479C7AB1550F0750A5D01744211] (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2018-02-08 18:59 - 2017-12-31 19:42 - 000460288 ____A [8980499A526581794A20B12E2E264661] (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2018-02-08 18:59 - 2017-12-31 19:42 - 000406016 ____A [9B90A439B97EBBD2A9ABEFFBBC1EEC71] (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-02-08 18:59 - 2017-12-31 19:42 - 000168448 ____A [9E30361776E07AD940791927A0FC9B3A] (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2009-07-13 15:59 - 2009-07-13 19:45 - 000024656 ____A [F3817967ED533D08327DC73BC4D5542A] (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2018-02-11 13:05 - 2014-02-03 20:35 - 000190912 ____A [A3F0BC5897F9D3786A3CB695B163633A] (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2018-02-11 13:05 - 2015-04-10 21:19 - 000069888 ____A [36E0DDD19038C92B7C7709BFA03F813F] (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2009-07-13 18:00 - 2009-07-13 19:45 - 000012496 ____A [D01EC09B6711A5F8E7E6564A4D0FBC90] (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2009-07-13 18:01 - 2009-07-13 18:01 - 000029184 ____A [6E316C01CBA8B785FE495F5CC4F48C6F] (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2018-02-13 12:33 - 2018-01-12 10:44 - 001894120 ____A [8A54B9C4206FBAB2CEE3525CFD365241] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-02-11 13:13 - 2016-07-07 09:08 - 000046080 ____A [7FE5586314EE7D6AA8483264A089E5AF] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000026624 ____A [6F020A220388ECA0AB6062DC27BD16B6] (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2009-07-13 18:16 - 2009-07-13 18:16 - 000015872 ____A [3371D21011695B16333A3934340C4E7C] (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2018-02-06 19:17 - 2012-02-16 22:57 - 000023552 ____A [51C5ECEB1CDEE2468A1748BE550CFBC8] (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2018-02-07 11:27 - 2017-07-29 08:56 - 000117248 ____A [4DD986720F7CB7A8A5D1226793097B9A] (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2018-02-06 23:06 - 2018-02-06 23:06 - 000201296 ____A [FA93DB92118560BC9BC48E68DA50D7CA] (Intel Corporation) C:\Windows\System32\Drivers\TeeDriverx64.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000063360 ____A [561E7E1F06895D78DE991E01DD0FB6E5] (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2018-02-11 13:11 - 2016-02-05 13:03 - 000147904 ____A [48DDEF0B921DD331536CC82C1A8FF64F] (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2018-02-07 11:27 - 2017-08-13 15:45 - 000040448 ____A [2CF58216424757ED29605B4F18EC443C] (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2018-02-25 02:39 - 2018-02-25 02:39 - 000057856 ____A [17C6B51CBCCDED95B3CC14E22791F85E] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2018-02-25 02:39 - 2018-02-25 02:39 - 000030208 ____A [AD64450A4ABE076F5CB34CC08EEACB07] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000125440 ____A [3566A8DAAFA27AF944F5D705EAA64894] (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2009-07-13 17:38 - 2009-07-13 19:45 - 000064080 ____A [B4DD609BD7E282BFC683CEC7EAAAAD67] (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2010-11-20 21:23 - 2010-11-20 21:23 - 000328192 ____A [FF4232A1A64012BAA1FD97C7B67DF593] (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2009-07-13 17:38 - 2009-07-13 19:45 - 000064592 ____A [4BFE1BC28391222894CBF1E7D0E42320] (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2010-11-20 21:23 - 2010-11-20 21:23 - 000048640 ____A [DC54A574663A895C8763AF0FA1FF7561] (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2009-07-13 18:06 - 2009-07-13 18:06 - 000009728 ____A [B2E8E8CB557B156DA5493BBDDCC1474D] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2018-02-07 11:26 - 2013-02-11 22:12 - 000019968 ____A [92B3172E8C14C1444682F510843A9988] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000032896 ____A [292A8E03B3FCE04E39B5BE9B14132030] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2018-02-07 11:27 - 2017-10-17 20:06 - 000099840 ____A [9E68E917FB4B5C983438969643F53BEF] (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2018-02-07 11:26 - 2013-07-12 04:41 - 000100864 ____A [80B0F7D5CCF86CEB5D402EAAF61FEC31] (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2018-02-07 11:27 - 2017-10-17 20:06 - 000007808 ____A [D017EED379FFE7CCFF0F825D53AB8096] (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2018-02-07 11:27 - 2017-10-17 20:06 - 000056320 ____A [3F9D3902CE931E2A28DD8452AE915B67] (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2018-02-07 11:27 - 2017-10-17 20:06 - 000344064 ____A [86B65EEBC03B936DE8B26E5A18D98FA2] (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2009-07-13 18:06 - 2009-07-13 18:06 - 000025600 ____A [58E546BBAF87664FC57E0F6081E4F609] (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2018-02-07 11:27 - 2017-10-17 20:06 - 000327168 ____A [03BE4B07FADA1FEA51480453EA229642] (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2009-07-13 18:38 - 2009-07-13 18:38 - 000025088 ____A [73188F58FB384E75C4063D29413CEE3D] (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys
2010-11-20 21:24 - 2010-11-20 21:24 - 000031744 ____A [C3EC945DEC43C00E2AD4C98DDDD064C7] (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys
2018-02-07 11:26 - 2016-02-03 12:07 - 000091648 ____A [D029DD09E22EB24318A8FC3D8138BA43] (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2009-07-13 18:06 - 2009-07-13 18:06 - 000030720 ____A [81FB2216D3A60D1284455D511797DB3D] (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2018-02-07 11:26 - 2013-07-12 04:41 - 000185344 ____A [1F775DA4CF1A3A1834207E975A72E9D7] (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2009-07-13 18:01 - 2009-07-13 19:45 - 000036432 ____A [C5C876CCFC083FF3B128F933823E87BD] (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000029184 ____A [53E92A310193CB3C03BEA963DE7D9CFC] (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000029184 ____A [DA4DA3F5E02943C2DC8C6ED875DE68DD] (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000215936 ____A [2CE2DF28C83AEAF30084E1B1EB253CBB] (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000017488 ____A [E5689D93FFE4E5D66C0178761240DD54] (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys
2009-07-13 17:38 - 2009-07-13 17:38 - 000129024 ____A [E7353D59C9842BC7299FAEB7E7E09340] (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000071552 ____A [D2AAFD421940F640B407AEFAAEBD91B0] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys
2018-02-07 11:27 - 2017-07-07 09:33 - 000363752 ____A [85C5468BC395819AE2A0C747334BA14C] (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2010-11-20 21:23 - 2010-11-20 21:23 - 000295808 ____A [0D08D2F3B3FF84E433346669B5E0F639] (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2009-06-10 14:37 - 2009-07-13 19:45 - 000161872 ____A [5E2016EA6EBACA03C04FEAC5F330D997] (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys
2009-07-13 18:07 - 2009-07-13 18:07 - 000024576 ____A [36D4720B72B5C5D9CB2B9C29E9DF67A1] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys
2009-07-13 18:07 - 2009-07-13 18:07 - 000059904 ____A [6A3D66263414FF0D6FA754C646612F3F] (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2009-07-13 18:07 - 2009-07-13 18:07 - 000017920 ____A [6A638FC4BFDDC4D9B186C28C91BD1A01] (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2009-07-13 18:02 - 2009-07-13 18:02 - 000027776 ____A [4E9440F4F152A7B944CB1663D3935A3E] (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys
2018-02-08 18:59 - 2017-12-31 19:55 - 000088576 ____A [DC4CB3626E7423B9D83CF1B4857FDF15] (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2009-07-13 17:37 - 2009-07-13 17:37 - 000042496 ____A [FC438D1430B28618E2D0C7C332A710AD] (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000021056 ____A [72889E16FF12BA0F235467D6091B17DC] (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys
2018-02-07 11:26 - 2013-06-25 16:55 - 000785624 ____A [E2C933EDBC389386EBE6D2BA953F43D8] (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2018-02-06 18:47 - 2012-07-25 22:55 - 000054376 ____A [AEA0A67275CFBA0E463E00C6E9A1DDAE] (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2009-07-13 18:09 - 2009-07-13 18:09 - 000012800 ____A [611B23304BF067451A9FDEE01FBDD725] (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys
2009-07-13 17:29 - 2009-07-13 19:45 - 000022096 ____A [05ECAEC3E4529A7153B3136CEB49F0EC] (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys
2009-07-13 17:31 - 2009-07-13 17:31 - 000014336 ____A [F6FF8944478594D0E414D3F048F0D778] (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys
2009-07-13 17:19 - 2009-07-13 19:45 - 000016464 ____A [FC146F46872D4C5B529B89A5131FD1E6] (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys
2009-07-13 18:10 - 2009-07-13 18:10 - 000021504 ____A [6BCC1D7D2FD2453957C5479A32364E52] (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys
2018-02-11 14:23 - 2012-07-25 20:26 - 000087040 ____A [AB886378EEB55C6C75B4F2D14B6C869F] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2018-02-11 14:23 - 2012-07-25 20:26 - 000198656 ____A [DDA4CAF29D8C0A297F886BFE561E6659] (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2018-03-01 10:21 - 2018-03-01 10:21 - 000203680 ____A [21E13F2CB269DEFEAE5E1D09887D47BB] (Zemana Ltd.) C:\Windows\System32\Drivers\zam64.sys
2018-03-01 10:21 - 2018-03-01 10:21 - 000203680 ____A [21E13F2CB269DEFEAE5E1D09887D47BB] (Zemana Ltd.) C:\Windows\System32\Drivers\zamguard64.sys
2010-11-21 01:06 - 2018-02-25 02:55 - 000000000 ____D [00000000000000000000000000000000] () C:\Windows\System32\Drivers\en-US
2010-11-21 01:06 - 2010-11-21 01:06 - 000011776 ____A [54DB21D20958E3D690BCC9F85E760354] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\1394ohci.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000009216 ____A [32022C811A44B86FF45D20ACAB6D9BF6] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\acpi.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000014848 ____A [E6A5E6AD9C6F4F30061068F321C0EC5A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\afd.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002560 ____A [112E5E0E93886F5F4662F8AB16A41953] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\AGP440.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002048 ____A [431EEF89634DC46CCADD489A5E242D96] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdide.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000014336 ____A [5A407CCC623EF4748FCFD65D8BF36E53] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdk8.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000014336 ____A [02EF6091D3B2E3DD52148D69B084CC6A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\amdppm.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003072 ____A [0AB55BC2F5C3B1F6DD41C4A8F2C598AE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ataport.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003072 ____A [2990593CBE18904D5EC0D8D012F56BE0] (ATI Technologies Inc.) C:\Windows\System32\Drivers\en-US\atikmdag.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000007168 ____A [39C77D306B5BC4EE5B84F257BD8C11D4] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\battc.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000025600 ____A [D33E31F95C553085F8F008269716AE3C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bfe.dll.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002560 ____A [19772EAF65F4DC67D258A0204BDF53BB] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrParwdm.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000010240 ____A [E2D40298D837850BE3D3ED553D557916] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerIb.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000010240 ____A [FFFAE2F485EE4846D3926D8143DC52D0] (Brother Industries Ltd.) C:\Windows\System32\Drivers\en-US\BrSerId.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002048 ____A [996AD950DC5511CAC3E23887F36D00CE] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthenum.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000004608 ____A [9F6C0ED8C73E45B8B39E93C4F19EC51D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthpan.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000007680 ____A [E811F270074C90EFFB62E26419C5A478] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\bthport.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002560 ____A [427AFD042BF91F651AAAF2F8333946D3] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\BTHUSB.SYS.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002048 ____A [E4AD0963F2B4C256C9B752809FF5A17D] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\cdrom.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002048 ____A [E113E3358247C4399ACAA9394A13CAC1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\disk.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002560 ____A [4DF602FA4237A02CFBA5443807ACE756] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\Dot4usb.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000005120 ____A [9F29D656CAA5CB37DC988FC1B0899728] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fltmgr.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000014336 ____A [F376F1DB8D6B5C7D4AACA77016547269] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\fvevol.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000002560 ____A [F800E677010DCCC1D1F3DD80C1208ADD] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\GAGP30KX.SYS.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000004096 ____A [CF9ED88D2707FB6175D56A8EEF56AE2A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hdaudbus.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003072 ____A [C9AFAE18805C92774E55D85C34687D98] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\HdAudio.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003072 ____A [6289F615503FABB5721E885F76C21094] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\hidbth.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000032256 ____A [E7385B794486432C74CA8CBEAE1E957C] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\http.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000010240 ____A [7932917F9F40083310D3C597CA89138A] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\i8042prt.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000014336 ____A [A9DAE67F67C8736EAB89BE629A100134] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\intelppm.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000006144 ____A [32E82AD8C30775AF16F8FCB6B233768E] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\IPMIDrv.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003584 ____A [13121C32919056A572109E59591E3DD1] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\ipnat.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000003584 ____A [095EE8818E7CFEEFCA144737D5EE7EC5] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\isapnp.sys.mui
2010-11-21 01:06 - 2010-11-21 01:06 - 000004608 ____A [07E46CC39BDC4296D798560E248C4C8F] (Microsoft Corporation) C:\Windows\System32\Drivers\en-US\kbdclass.sys.mui

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-850179344-2096929474-2670164669-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-850179344-2096929474-2670164669-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-850179344-2096929474-2670164669-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{0FDFAF98-9F2E-4B27-B83B-54D583B84033} canceled.
{943819BC-0425-4514-869F-A2FD1E05CD80} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5166441 B
Java, Flash, Steam htmlcache => 12300873 B
Windows/system/drivers => 10269 B
Edge => 0 B
Chrome => 0 B
Firefox => 25753570 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33125 B
LocalService => 33058 B
NetworkService => 33058 B
Matt => 5301322 B
MattR => 157682 B

RecycleBin => 0 B
EmptyTemp: => 54.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2018 12:27:07)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34CBC96C-451E-4118-B06B-8F9409BDF87F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ACF8DDF-E761-45B1-919F-C89B8441B3ED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BAF3C5F-711A-36E0-612F-3E2E92AD7FF4}\Telahuton => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7D0210C-178D-4B3F-908A-AF0D03D6B518}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7D0210C-178D-4B3F-908A-AF0D03D6B518}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3C42A46-EC4E-4DED-9D2B-5E530AD3191C}" => removed successfully

==== End of Fixlog 12:27:07 ====


Then here's the Malwarebytes scan results which detected nothing

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/2/18
Scan Time: 12:28 PM
Log File: 928ae6c1-1e47-11e8-bcca-0090f5fac7a3.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4174
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matt-PC\Matt

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251476
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#8 nyprican


Posted 02 March 2018 - 01:33 PM

Oh I think it fixed it! Those processes are no longer running and the file has been deleted!



#9 JSntgRvr


Posted 02 March 2018 - 03:00 PM

Good! Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 nyprican


Posted 02 March 2018 - 03:49 PM

Ok did both scans here's the logs:

 

RogueKiller V12.12.6.0 (x64) [Feb 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matt [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/02/2018 14:14:54 (Duration : 00:07:25)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP.ByteFence|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Amonetize][File] C:\Program Files\Windows NT\DZCOOWTVPP\BZDSEEBSMJ.exe -> Deleted
[Adw.Wizzcaster|Adw.HandlerExecution][File] C:\Program Files\Windows NT\DZCOOWTVPP\UMHBORGNAD.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKX-60HPJ SCSI Disk Device +++++
--- User ---
[MBR] 4ce2aea966b5302d8dc37828fa879f0f
[BSP] 17b52479793d85d08716c35f41b54c32 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 695378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1424136192 | Size: 14677 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1454194688 | Size: 5346 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Crucial_ CT120M500SSD3 SCSI Disk Device +++++
--- User ---
[MBR] 2f938a38ec9d40652b950ac8b049c99a
[BSP] f5726a62e2f8251fcff224d50e09cfd8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 


# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 02 20:26:01 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Users\Matt\AppData\Roaming\IObit\Advanced SystemCare


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7296 B] - [2018/3/1 2:56:53]
C:/AdwCleaner/AdwCleaner[S0].txt - [8597 B] - [2018/3/1 2:52:58]
C:/AdwCleaner/AdwCleaner[S1].txt - [1480 B] - [2018/3/2 20:25:22]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########



#11 JSntgRvr


Posted 02 March 2018 - 07:24 PM

How is the computer doing?



#12 nyprican


Posted 02 March 2018 - 08:51 PM

The computer is doing great! No more weird processes running or anything taking up my CPU. I appreciate your volunteer help a ton, I don't think I'd ever have had it fixed without your help haha. The thread can be closed now :)



#13 JSntgRvr


Posted 03 March 2018 - 09:55 AM

Congratulations.

 

Use this application to remove quarantined items and tools used.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Since there are no signs of infection anymore in your logs I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.


Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have a far lower chance of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Best regards. :)




#14 JSntgRvr


Posted 03 March 2018 - 09:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





