
Rogue Killer Detects 74 items


  • This topic is locked
11 replies to this topic

#1 Michael Ortega


Posted 22 April 2018 - 12:10 PM

Which ones do I delete?

 

  RogueKiller V12.11.7.0 (x64) [Jul 17 2017] (Free) by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/22/2018 08:30:44 (Duration : 00:25:29)
 
¤¤¤ Processes : 72 ¤¤¤
[Proc.Injected] smss.exe(368) -- C:\Windows\System32\smss.exe[7] -> Found
[Proc.Injected] csrss.exe(520) -- C:\Windows\System32\csrss.exe[7] -> Found
[Proc.Injected] wininit.exe(596) -- C:\Windows\System32\wininit.exe[7] -> Found
[Proc.Injected] csrss.exe(616) -- C:\Windows\System32\csrss.exe[7] -> Found
[Proc.Injected] services.exe(652) -- C:\Windows\System32\services.exe[7] -> Found
[Proc.Injected] lsass.exe(676) -- C:\Windows\System32\lsass.exe[7] -> Found
[Proc.Injected] lsm.exe(688) -- C:\Windows\System32\lsm.exe[7] -> Found
[Proc.Injected] winlogon.exe(780) -- C:\Windows\System32\winlogon.exe[7] -> Found
[Proc.Injected] svchost.exe(844) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] SpyShelterSrv.exe(908) -- C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe[7] -> Found
[Proc.Injected] nvvsvc.exe(928) -- C:\Windows\System32\nvvsvc.exe[7] -> Found
[Proc.Injected] nvSCPAPISvr.exe(952) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[7] -> Found
[Proc.Injected] svchost.exe(996) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(456) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(536) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(744) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(1140) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(1232) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(1384) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] nvxdsync.exe(1416) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7] -> Found
[Proc.Injected] nvvsvc.exe(1428) -- C:\Windows\System32\nvvsvc.exe[7] -> Found
[Proc.Injected] spoolsv.exe(1692) -- C:\Windows\System32\spoolsv.exe[7] -> Found
[Proc.Injected] armsvc.exe(1804) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[7] -> Found
[Proc.Injected] svchost.exe(1828) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] AppleMobileDeviceService.exe(1892) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[7] -> Found
[Proc.Injected] mDNSResponder.exe(1940) -- C:\Program Files\Bonjour\mDNSResponder.exe[7] -> Found
[Proc.Injected] CISVC.EXE(1972) -- C:\Windows\System32\CISVC.EXE[7] -> Found
[Proc.Injected] svchost.exe(2000) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] dragon_updater.exe(2036) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[7] -> Found
[Proc.Injected] svchost.exe(492) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] HPSupportSolutionsFrameworkService.exe(2068) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe[7] -> Found
[Proc.Injected] HeciServer.exe(2264) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe[7] -> Found
[Proc.Injected] IntelMeFWService.exe(2296) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe[7] -> Found
[Proc.Injected] Jhi_service.exe(2324) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[7] -> Found
[Proc.Injected] MSCamS64.exe(2352) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe[7] -> Found
[Proc.Injected] snmp.exe(2444) -- C:\Windows\System32\snmp.exe[7] -> Found
[Proc.Injected] svchost.exe(2520) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] ViakaraokeSrv.exe(2644) -- C:\Windows\System32\viakaraokesrv.exe[7] -> Found
[Proc.Injected] AppSrv.exe(2728) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe[-] -> Found
[Root.Wajam|Adw.Elex|Proc.Injected] svchost.exe(2796) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] DMAgent.exe(2968) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe[-] -> Found
[Proc.Injected] taskhost.exe(3580) -- C:\Windows\System32\taskhost.exe[7] -> Found
[Proc.Injected] taskeng.exe(3608) -- C:\Windows\System32\taskeng.exe[7] -> Found
[Proc.Injected] SpyShelter.exe(3620) -- C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe[7] -> Found
[Proc.Injected] taskeng.exe(3752) -- C:\Windows\System32\taskeng.exe[7] -> Found
[Proc.Injected] dwm.exe(3848) -- C:\Windows\System32\dwm.exe[7] -> Found
[Proc.Injected] svchost.exe(3972) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] svchost.exe(2680) -- C:\Windows\System32\svchost.exe[7] -> Found
[Proc.Injected] rundll32.exe(3924) -- C:\Windows\System32\rundll32.exe[7] -> Found
[Proc.Injected] AmIcoSinglun64.exe(4092) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[-] -> Found
[Proc.Injected] iTunesHelper.exe(2880) -- C:\Program Files\iTunes\iTunesHelper.exe[7] -> Found
[Proc.Injected] VDeck.exe(3488) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[7] -> Found
[Proc.Injected] iusb3mon.exe(3768) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[7] -> Found
[Proc.Injected] CCleaner64.exe(4104) -- C:\Program Files\CCleaner\CCleaner64.exe[7] -> Found
[Proc.Injected] nvtray.exe(4400) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7] -> Found
[Proc.Injected] iPodService.exe(4728) -- C:\Program Files\iPod\bin\iPodService.exe[7] -> Found
[Proc.Injected] wmpnetwk.exe(4792) -- C:\Program Files\Windows Media Player\wmpnetwk.exe[7] -> Found
[Proc.Injected] OSPPSVC.EXE(2708) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[7] -> Found
[Proc.Injected] LMS.exe(4884) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[7] -> Found
[Proc.Injected] UNS.exe(3504) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[7] -> Found
[Proc.Injected] dragon.exe(2672) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(4700) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(5084) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(4756) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(1652) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(1076) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(4948) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(2236) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(4676) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] dragon.exe(2196) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe[7] -> Found
[Proc.Injected] AAM Updates Notifier.exe(4692) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[7] -> Found
[Proc.Injected] taskhost.exe(3548) -- C:\Windows\System32\taskhost.exe[7] -> Found
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Michael\AppData\Local\Free YouTube Downloader -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x10000]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com] -> Found
 
¤¤¤ MBR Check : ¤¤¤
 

#2 JSntgRvr

  • Malware Response Team

Posted 22 April 2018 - 08:57 PM

None. These are legit files, but seem to be injected by a virus.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Michael Ortega


Posted 23 April 2018 - 12:19 AM

Thanks! Here you go!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.04.2018 01
Ran by Michael (administrator) on MICHAEL-PC (22-04-2018 21:14:46)
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael & Scrub (Available Profiles: Michael & UpdatusUser & Scrub & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Google Inc.) C:\Users\Scrub\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\...\Run: [Google Update] => C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\...\Run: [AdobeBridge] => C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe [12008296 2011-03-02] (Adobe Systems, Inc.)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\...\Run: [Windows Media Center] => RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
BootExecute: autocheck autochk /r \??\E:autocheck autochk * 
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{61E47C75-AC17-423F-A637-DBA446C93C16}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=19_25050030005_63.0.3239.108_i_hp_sp
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> {0526109F-9D89-42C1-BBDE-94BE0850259F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_63.0.3239.108_i_ds_sp&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907 [2018-04-22]
FF NewTabOverride: Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907 -> Disabled: {f8bc456c-0fb4-4d5d-a85f-dfeb25459e76}
FF Extension: (Nimbus Screen Capture) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2017-09-07]
FF Extension: (Shortly URL Shortner) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\shortly@aloshbennett.in.xpi [2016-06-27] [Legacy]
FF Extension: (YouTube High Definition) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2018-02-01]
FF Extension: (MyPrivateSearch) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\{f8bc456c-0fb4-4d5d-a85f-dfeb25459e76}.xpi [2017-11-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-10-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-10-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Michael\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-11-17] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-24] (Octoshape ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/?fr=fpc-comodo&type=19_25050030006_63.0.3239.108_i_hp_sp"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030006_63.0.3239.108_i_ds_sp&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2018-04-21]
CHR Extension: (Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-12]
CHR Extension: (EarthViewer) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgifojgfignanpkhcigcbfjlfndkmkb [2016-06-30]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-24]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-10]
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ZRFUKBGQPRMBRKHCRSIOZD64ZY - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-13] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272520 2018-02-23] (Comodo)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [61136 2018-04-10] (Datpol)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [1857832 2018-04-10] (SpyShelter)
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [877352 2018-04-10] (SpyShelter)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-04-22] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-22 21:13 - 2018-04-22 21:13 - 002404864 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2018-04-21 22:35 - 2018-04-21 22:35 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-04-21 22:35 - 2018-04-21 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-21 22:35 - 2018-04-21 22:35 - 000000000 ____D C:\Program Files\iPod
2018-04-21 22:33 - 2018-04-21 22:35 - 000000000 ____D C:\Program Files\iTunes
2018-04-21 22:29 - 2018-04-21 22:29 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-04-21 11:38 - 2018-04-21 11:39 - 004929384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-21 09:51 - 2018-04-21 09:51 - 000098136 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-20 12:00 - 2018-04-20 12:00 - 000045228 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-04102017(2).pdf
2018-04-20 11:59 - 2018-04-20 11:59 - 000046584 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-06072017(1).pdf
2018-04-20 11:59 - 2018-04-20 11:59 - 000045725 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-06012017(1).pdf
2018-04-20 11:58 - 2018-04-20 11:58 - 000048582 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-06212017.pdf
2018-04-20 11:58 - 2018-04-20 11:58 - 000042642 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-06142017(1).pdf
2018-04-20 11:57 - 2018-04-20 11:58 - 000048927 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-09272017.pdf
2018-04-20 11:57 - 2018-04-20 11:57 - 000055145 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-11022017.pdf
2018-04-20 11:57 - 2018-04-20 11:57 - 000045737 _____ C:\Users\Michael\Downloads\KAREN ORTEGA_health-summary-02212018.pdf
2018-04-19 16:40 - 2018-04-19 16:40 - 000000000 ____D C:\Users\Scrub\AppData\Roaming\Nik Software
2018-04-15 00:28 - 2018-04-15 00:28 - 000000000 ____D C:\ProgramData\MB2Migration
2018-04-13 17:03 - 2018-04-13 17:04 - 000000000 ____D C:\Users\Scrub\AppData\Local\Free YouTube Downloader
2018-04-13 17:03 - 2018-04-13 17:03 - 000000000 __SHD C:\Users\Scrub\AppData\Local\ms-drivers
2018-04-13 17:03 - 2018-04-13 17:03 - 000000000 __SHD C:\Users\Scrub\AppData\Local\icsxml
2018-04-13 15:42 - 2018-04-13 15:42 - 000098136 _____ C:\Users\Scrub\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-12 17:08 - 2018-04-12 17:14 - 034838360 _____ (Digital Wave Ltd ) C:\Users\Michael\Downloads\FreeYouTubeDownload_4.1.74.405_o.exe
2018-04-12 17:02 - 2018-04-12 17:02 - 000000000 ____D C:\Users\Michael\AppData\Roaming\Vitzo
2018-04-12 16:56 - 2018-04-12 17:24 - 000000000 ____D C:\Users\Michael\AppData\Local\Free YouTube Downloader
2018-04-12 16:56 - 2018-04-12 16:56 - 000001256 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2018-04-12 16:56 - 2018-04-12 16:56 - 000000000 __SHD C:\Users\Michael\AppData\Local\ms-drivers
2018-04-12 16:56 - 2018-04-12 16:56 - 000000000 __SHD C:\Users\Michael\AppData\Local\icsxml
2018-04-12 16:56 - 2018-04-12 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
2018-04-12 16:56 - 2018-04-12 16:56 - 000000000 ____D C:\Program Files (x86)\YouTube Downloader
2018-04-12 16:51 - 2018-04-12 16:55 - 017887920 _____ (HOW Inc. ) C:\Users\Michael\Downloads\YouTubeDownloaderSetup.exe
2018-04-12 16:41 - 2018-04-12 16:41 - 000000000 ____D C:\Users\Michael\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2}
2018-04-12 16:34 - 2018-04-12 16:38 - 031319072 _____ ( ) C:\Users\Michael\Downloads\UmmyVD_setup-[ab385e73430b26804f94d9ff5e81ed05#148#yt-XfR9iY5y94s].exe
2018-04-11 19:22 - 2018-04-11 19:22 - 000072108 _____ C:\Users\Michael\Downloads\f8965.pdf
2018-04-11 19:18 - 2018-04-11 19:18 - 000315809 _____ C:\Users\Michael\Downloads\f1095b(1).pdf
2018-04-11 19:03 - 2018-04-11 19:04 - 000071374 _____ C:\Users\Michael\Downloads\f5405.pdf
2018-04-11 17:40 - 2018-04-11 17:41 - 002924100 _____ C:\Users\Michael\Downloads\JC0060020 Ortega(2).pdf
2018-04-11 16:59 - 2018-04-11 17:00 - 002924100 _____ C:\Users\Michael\Downloads\JC0060020 Ortega(1).pdf
2018-04-11 11:53 - 2018-04-11 11:53 - 000001091 _____ C:\Users\Public\Desktop\SpyShelter Premium.lnk
2018-04-11 11:53 - 2018-04-11 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2018-04-11 11:47 - 2018-04-11 11:48 - 010482712 _____ (Datpol ) C:\Users\Michael\Downloads\premiumsetup (3).exe
2018-04-11 11:45 - 2018-04-11 11:46 - 010482712 _____ (Datpol ) C:\Users\Michael\Downloads\premiumsetup (2).exe
2018-04-08 14:17 - 2018-04-17 18:28 - 000000000 ____D C:\Users\Scrub\Desktop\iTunes Crash Logs
2018-04-04 14:19 - 2018-04-04 14:19 - 008222496 _____ (Malwarebytes) C:\Users\Michael\Downloads\adwcleaner_7.0.8.0.exe
2018-03-30 12:54 - 2018-03-30 12:54 - 000148617 _____ C:\Users\Michael\Downloads\document(3).pdf
2018-03-29 18:55 - 2018-03-29 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-03-29 18:55 - 2018-03-29 18:55 - 000000000 ____D C:\Program Files (x86)\Comodo
2018-03-29 18:53 - 2018-03-29 18:54 - 072990408 _____ (Comodo) C:\Users\Michael\Downloads\dragonsetup.exe
2018-03-29 14:34 - 2018-03-29 14:35 - 070332736 _____ C:\Users\Michael\Downloads\DJ3520_1315-1(1).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-22 21:15 - 2016-08-31 09:03 - 000023649 _____ C:\Users\Michael\Downloads\FRST.txt
2018-04-22 21:15 - 2009-07-13 20:45 - 000028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-22 21:15 - 2009-07-13 20:45 - 000028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-22 21:14 - 2016-08-31 09:02 - 000000000 ____D C:\FRST
2018-04-22 12:07 - 2009-07-13 21:13 - 000832650 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-22 12:07 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-04-22 12:02 - 2014-12-11 19:04 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-22 12:02 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-22 08:30 - 2015-05-02 15:01 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-04-21 22:38 - 2014-11-27 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-04-21 22:36 - 2016-10-30 08:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-21 22:31 - 2016-11-19 09:06 - 000000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla
2018-04-21 22:29 - 2017-07-19 11:29 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-04-21 22:29 - 2014-12-02 16:15 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-04-21 22:20 - 2018-03-07 16:42 - 000000000 ____D C:\Program Files\Tablet
2018-04-21 22:16 - 2015-04-26 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-21 22:13 - 2014-11-28 17:25 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-04-21 11:58 - 2017-11-09 11:14 - 000000000 ____D C:\Users\Scrub\AppData\LocalLow\Mozilla
2018-04-21 09:54 - 2014-11-24 16:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-21 09:01 - 2017-04-19 20:23 - 000000000 ____D C:\Users\Michael\AppData\Roaming\vlc
2018-04-19 16:54 - 2015-03-25 10:51 - 000000000 ____D C:\Users\Scrub\AppData\Roaming\Adobe
2018-04-18 17:57 - 2016-04-28 17:01 - 000023040 _____ C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-17 18:42 - 2015-03-25 11:30 - 000000000 ____D C:\Users\Scrub\AppData\Local\CrashDumps
2018-04-15 23:17 - 2015-01-27 22:44 - 000000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2018-04-15 00:28 - 2016-05-21 15:30 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-04-15 00:24 - 2015-12-27 22:21 - 000000000 ____D C:\Users\Michael\Downloads\Security
2018-04-12 19:49 - 2014-12-13 21:04 - 000000132 _____ C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2018-04-11 13:58 - 2015-05-18 18:00 - 000000132 _____ C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-04-11 11:54 - 2015-01-27 21:21 - 000000000 ____D C:\Program Files (x86)\SpyShelter Premium
2018-04-04 14:20 - 2016-01-14 10:35 - 000000000 ____D C:\AdwCleaner
2018-03-24 14:23 - 2017-03-25 11:39 - 000002423 _____ C:\Users\Scrub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-24 14:23 - 2017-03-25 11:39 - 000002386 _____ C:\Users\Scrub\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-12-13 21:04 - 2018-04-12 19:49 - 000000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-11-05 22:01 - 2015-11-05 22:01 - 000000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2015-05-18 18:00 - 2018-04-11 13:58 - 000000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-09-21 16:39 - 2017-09-21 16:39 - 000001456 _____ () C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-04-28 17:01 - 2018-04-18 17:57 - 000023040 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-09 10:43 - 2015-10-09 10:43 - 000007633 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-04-22 10:56 - 2015-04-22 10:56 - 000000000 _____ () C:\Users\Michael\AppData\Local\{030BEF1C-EB57-4A72-B894-A2479E90FFEA}
 
Some files in TEMP:
====================
2018-04-21 23:41 - 2016-04-08 22:59 - 001732864 _____ (Microsoft Corporation) C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
2018-04-21 22:18 - 2010-01-09 22:18 - 000149352 _____ (Microsoft Corporation) C:\Users\Michael\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
LastRegBack: 2018-04-18 01:50
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Michael (22-04-2018 21:15:38)
Running from C:\Users\Michael\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-12-12 03:53:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1827762118-2228905662-1016877455-500 - Administrator - Disabled)
Guest (S-1-5-21-1827762118-2228905662-1016877455-501 - Limited - Disabled)
Michael (S-1-5-21-1827762118-2228905662-1016877455-1000 - Administrator - Enabled) => C:\Users\Michael
Scrub (S-1-5-21-1827762118-2228905662-1016877455-1004 - Limited - Enabled) => C:\Users\Scrub
UpdatusUser (S-1-5-21-1827762118-2228905662-1016877455-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
$APPNAME> 2.31 (HKLM-x32\...\Bytescout XLS Viewer_is1) (Version: 2.31 - Bytescout Software)
Actron Scanning Suite (HKLM-x32\...\{7572B8A1-72A2-448E-8F69-1A3506800D67}) (Version: 4.000.0025 - Actron)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Production Premium (HKLM-x32\...\{F3E41C2A-3A29-476D-9685-3F8055AF696A}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Alcor Micro USB Card Reader (HKLM-x32\...\{29499A4D-0742-4B73-B982-5049775F1F66}) (Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Amazon Kindle (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Anime Studio Debut 10.1.3 (HKLM-x32\...\ASD1013_is1) (Version: 10.1.3 - Smith Micro Software, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 63.0.3239.108 - Comodo)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DJ3520FWUpdateAlert (HKLM-x32\...\{42812A46-01AB-466D-A5DB-03050C64AF82}) (Version: 2.00.0000 - HP) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 6.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.3 - FastStone Soft)
Google Chrome (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Chrome (HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Infinite HD™ App (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.2.12 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
NVIDIA 3D Vision Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 12.11.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.7.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Seterra 4.04 (HKLM-x32\...\{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1) (Version: 4.04 - Marianne Wartoft AB)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyShelter Premium 10.9.8 (HKLM\...\Spyshelter_is1) (Version: 10.9.8 - Datpol)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tracktion (HKLM-x32\...\Tracktion4) (Version:  - )
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Unity Web Player (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\7A3873EEB4807FBDE9271D1C3DA50F100D5B8A7D) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\C6554C9DFBD939292E343034D2836B952A9D4B66) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports  (01/07/2010 2.0.0) (HKLM\...\BA81E6D589C849EA72D1C2CF16057B36C83BAEA8) (Version: 01/07/2010 2.0.0 - SPX Service Solutions, Inc)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.32 - ASUS)
YouTube Downloader 4.3.927 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers1: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:\Windows\system32\SpyShelterShellExt.dll [2017-08-29] (Datpol)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers2: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:\Windows\system32\SpyShelterShellExt.dll [2017-08-29] (Datpol)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [SpyshelterExt] -> {030D32F7-BF26-40a2-AB44-A34E78908701} => C:\Windows\system32\SpyShelterShellExt.dll [2017-08-29] (Datpol)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-10] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {060DB089-6283-45CF-A71F-FF00AABD5AB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1004Core => C:\Users\Scrub\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {1A2577B7-4A92-4911-96BE-3D7CBDBF528D} - System32\Tasks\Opera scheduled Autoupdate 1417738648 => C:\Program Files (x86)\Opera\launcher.exe
Task: {1A32DBAF-36A9-4A6B-86F6-4B54384A3C79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {26A0E188-DD94-4197-A57C-BE5AC1E6746D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {274B647E-D364-4646-90A6-6EC1F0D5C0C8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {274B647E-D364-4646-90A6-6EC1F0D5C0C8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {274B647E-D364-4646-90A6-6EC1F0D5C0C8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {2833E710-EDE5-484D-A424-91BA9901F2EF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {2833E710-EDE5-484D-A424-91BA9901F2EF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {3B631A38-1BE4-4E23-848D-2C86C0F50D35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
Task: {4923A4D6-3C13-426F-9BC1-D8CE3F02EC3D} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-07-10] (ASUSTeK Computer Inc.)
Task: {5428510E-4376-485E-BA18-9D265237B42D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {557DDB83-3DD9-4EB9-9FD6-4E5DEA8B13FC} - System32\Tasks\{EA33A4ED-25CE-4B87-B878-26FF8B1E6E45} => "c:\users\michael\appdata\local\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain
Task: {5942DBA4-B34A-473B-BB98-F878C13A5808} - System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp2_MEI_Intel_Win7_64_Z8031427.zip\setup.exe <==== ATTENTION
Task: {59DA36D4-7DB6-4FA4-B696-B87CCD4D61E5} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {60B1700B-A652-40F0-B399-193653A35ACE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {76F7A8BB-FAD1-4109-8AE1-92FC098E690B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1004UA => C:\Users\Scrub\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-25] (Google Inc.)
Task: {88E2AF89-F57A-419B-9503-5F0977704E0D} - System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp1_Wireless_Console_3_Win7_64_Z3032.zip\Setup.exe <==== ATTENTION
Task: {950E77F2-BEC1-4898-8A5A-2C8B58B1D3ED} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1827762118-2228905662-1016877455-1000
Task: {9CFF15DC-1D4F-49C4-811E-030B992BA3BD} - System32\Tasks\{71D4116D-E43F-4549-8ACF-D3D72D5468CC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe" -d "C:\Program Files (x86)\Belkin\Router Setup and Monitor"
Task: {A4D11582-BB2B-4282-949F-35AE6440AEE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-07] (Adobe Systems Incorporated)
Task: {B49BC6B8-750B-4988-AC61-1A4579FACF34} - System32\Tasks\{D3A8C991-0F15-43D7-82A6-81E92C4BC188} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\AutoPlayer.exe [2012-12-19] ()
Task: {C1A3C126-D2B3-4A52-A6D3-6603E82EC95B} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {CB1640C5-FC9D-445D-902C-4B09C6ED7C03} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {CB1640C5-FC9D-445D-902C-4B09C6ED7C03} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E2761450-E5F2-43BF-809A-7A4C141F6DBE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E2761450-E5F2-43BF-809A-7A4C141F6DBE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E61A9E3F-28F8-4A43-AAE3-2D34CB273EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {E781EAD1-8258-4404-8BD3-E05D571D282F} - System32\Tasks\{A9F32401-B5AB-4DC7-B37B-025888A8B2EB} => C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe 
Task: {EF479796-E452-4166-8501-1FBD7F2B3ED8} - System32\Tasks\{460F8355-A3E0-4050-84CA-93495CC95168} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
Task: {F5742DB0-BB2B-4EAB-8FAA-714274951AD8} - System32\Tasks\{D60A81DC-276A-424E-8CB1-4C913A3C2C85} => C:\Windows\system32\pcalua.exe -a "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec\WMFEncoder.exe" -d "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec"
Task: {FE47A961-0519-43C2-B63E-D76D4B7C6472} - System32\Tasks\{2E2EE6A7-2456-4AEB-9313-DBAFB723ED9F} => C:\Windows\system32\pcalua.exe -a E:\Drivers\Wireless_Console_3_Win7_64_Z3032\vcredist_x86.exe -d E:\Drivers\Wireless_Console_3_Win7_64_Z3032
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-11 19:04 - 2013-01-10 13:36 - 000087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-11-21 12:13 - 2012-02-21 13:29 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2014-11-21 12:03 - 2012-07-11 16:51 - 000078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-21 12:03 - 2012-07-11 16:51 - 000386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2018-04-08 08:01 - 2018-04-08 08:01 - 000235832 _____ () C:\Program Files\iTunes\libxslt.dll
2011-03-02 22:34 - 2011-03-02 22:34 - 000073728 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Symlib.dll
2011-03-02 22:34 - 2011-03-02 22:34 - 002748416 _____ () C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\LIBMYSQLD.dll
2014-11-21 12:13 - 2012-02-21 13:09 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2018-03-16 15:20 - 2018-03-16 15:20 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 001163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2018-03-04 23:43 - 2018-03-04 23:43 - 003149824 _____ () C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll
2018-03-04 23:43 - 2018-03-04 23:43 - 000078848 _____ () C:\Program Files (x86)\Comodo\Dragon\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Michael\AppData\Local\ok2TjM28A:uSPKzKub7Tp1U7bzDWxllfrzj1i [2190]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:63MAdpyY1TlBggcQh5M3 [2090]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:XjdPWZUNKaGV3SPUMB4PcMh [1878]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2017-10-05 20:19 - 000000886 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Scrub\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => C:\Users\Michael\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D => "C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26D12DRK05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\Michael\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{A49CB21F-1D97-48F4-B4A7-79BADAC3DFFB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1BC8C8E2-BF65-409A-AEAD-66B728082903}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D21F061C-22EB-4019-AD98-4789FB9061D5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0550FF54-ABB9-47C4-9ADF-97428FC3A1E0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71492289-B1F0-4628-B46E-68BD00860373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{272F3B85-75DD-47B7-BBA9-11BFED79DC69}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{F21853DB-D900-440C-B9A3-EC6A4CABFAB7}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7FC37539-7DA0-4198-BB23-0030BC7379AC}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7A48C20F-9106-4E14-811D-8BF7C39FD613}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81EA210D-FA70-4448-B47C-DA8B17EEF0C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6BDAABB-7E66-4833-850F-66F378D53B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DE48B6B-0DFA-4BF8-9E7C-A6C19AF881DB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{DACE6D1C-9F21-4D6B-A21D-BE3C754C9133}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
FirewallRules: [{6977555A-8BFC-4B0F-964A-F4C6813BCFB5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{920CD8F7-9F30-47E1-B88C-536E510A6536}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CDC90B04-9245-4B76-B4DF-F95883CD5EFA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{ECEB1913-C04F-4ECB-9C89-FE36B2CF178F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{C22EFED0-5D6A-4564-8467-5EFF03981877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A55A67D3-F0AB-44BB-8ECE-3A44FB18F5CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18FD9D20-821F-492E-A228-E14F44A2F8C0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{26267C13-F6C9-4AD4-8FF4-13C52B13E45C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{C1554CAA-D410-4C91-9521-C710C4636B28}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D931543B-240E-4896-B5CE-1F40F0FD4141}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D4715DC5-065B-42D9-8847-6993FB7B2E30}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{B85D5FA5-C902-4528-9246-9D3B9B431118}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1264319D-979B-4A1E-8049-DE539C737BD0}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Debut 10\Anime Studio Debut Win32.exe
FirewallRules: [{EB5FB664-235C-49A8-A7D4-4CA9BCFD57AF}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Debut 10\Anime Studio Debut Win32.exe
FirewallRules: [{7CB437B9-3741-45B6-A065-35423E079482}] => (Allow) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{798E6F70-89A5-4CE1-892C-0542A14B5608}C:\users\scrub\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\scrub\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9342C2D3-A877-4103-A4C6-FACEDF350A8E}C:\users\scrub\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\scrub\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{D0103C22-864A-4377-9DA6-54F3158F00BD}C:\users\scrub\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\scrub\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{65223792-9D5E-47A0-8C7E-854E08BCDC1E}C:\users\scrub\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\scrub\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F4915A8D-3B6F-47C4-9496-3A06EFB716C4}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B54C51E2-0FAC-42B1-939F-AD141C3408E9}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{68AE8BDD-352B-46CD-BEA0-AF0A5C448005}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12204575-3888-4455-992D-4CDFBEB50E98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1332122-0F1D-4FCB-85F4-D03007BD9B56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9AFE733E-5816-4C1D-9527-9CE4AD19CB2B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3E585D0-22E4-4D61-9CDE-A22F2AD2E29F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{C2F44544-90D6-4AED-8492-4964F3E93391}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
21-04-2018 04:20:53 Scheduled Checkpoint
22-04-2018 03:26:58 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2018 09:14:08 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (04/22/2018 09:14:08 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (04/22/2018 09:14:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (04/22/2018 09:14:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (04/22/2018 09:13:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (04/22/2018 09:13:45 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
Error: (04/22/2018 09:11:33 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.
 
Error: (04/22/2018 09:11:33 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.
 
 
System errors:
=============
Error: (04/22/2018 09:14:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (04/22/2018 09:14:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
Transaction support within the specified resource manager is not started or was shut down due to an error.
 
Error: (04/22/2018 09:14:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (04/22/2018 09:14:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
Transaction support within the specified resource manager is not started or was shut down due to an error.
 
Error: (04/22/2018 09:13:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (04/22/2018 09:13:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error: 
Transaction support within the specified resource manager is not started or was shut down due to an error.
 
Error: (04/22/2018 09:12:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/22/2018 09:12:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-04-13 04:59:33.631
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{195184C9-62C5-47BC-A207-01CCDCEC2D62}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2017-08-09 04:07:36.097
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{48D07DCC-76E8-49F4-A5E5-76F8398D0E54}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2016-11-08 04:52:53.350
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{AF49236F-222A-405A-B6C4-01CF4234C55D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2016-09-22 04:15:00.857
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{BAB66DEC-B2D6-4E4B-9699-B6DBDB385CB8}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2016-09-19 03:31:52.790
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{1A8018A7-AC78-47FC-A648-D112E1D46196}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2017-02-20 03:27:56.580
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
Date: 2016-09-01 08:03:21.924
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2017-01-03 08:40:45.895
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-01-03 08:40:45.848
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-01-03 08:40:45.802
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-01-03 08:40:45.755
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-08-30 20:42:28.753
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-08-30 20:42:28.706
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-08-30 20:42:28.659
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2016-08-30 20:42:28.612
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8151.92 MB
Available physical RAM: 4907.59 MB
Total Virtual: 16302.02 MB
Available Virtual: 12725.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:651.31 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts

Posted 23 April 2018 - 09:24 AM

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, or running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {5942DBA4-B34A-473B-BB98-F878C13A5808} - System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp2_MEI_Intel_Win7_64_Z8031427.zip\setup.exe <==== ATTENTION
Task: {88E2AF89-F57A-419B-9503-5F0977704E0D} - System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp1_Wireless_Console_3_Win7_64_Z3032.zip\Setup.exe <==== ATTENTION
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
BootExecute: autocheck autochk /r \??\E:autocheck autochk *
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:63MAdpyY1TlBggcQh5M3 [2090]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:XjdPWZUNKaGV3SPUMB4PcMh [1878]
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Michael Ortega

Posted 23 April 2018 - 01:26 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 22.04.2018 01
Ran by Michael (23-04-2018 10:16:49) Run:1
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & UpdatusUser & Scrub & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {5942DBA4-B34A-473B-BB98-F878C13A5808} - System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp2_MEI_Intel_Win7_64_Z8031427.zip\setup.exe <==== ATTENTION
Task: {88E2AF89-F57A-419B-9503-5F0977704E0D} - System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => C:\Windows\system32\pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp1_Wireless_Console_3_Win7_64_Z3032.zip\Setup.exe <==== ATTENTION
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
BootExecute: autocheck autochk /r \??\E:autocheck autochk *
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Scrub\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => ContextMenu64.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:63MAdpyY1TlBggcQh5M3 [2090]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:XjdPWZUNKaGV3SPUMB4PcMh [1878]
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5942DBA4-B34A-473B-BB98-F878C13A5808}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5942DBA4-B34A-473B-BB98-F878C13A5808}" => removed successfully
C:\Windows\System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A62B2A98-1605-4FBF-A15C-D30A07D338CF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88E2AF89-F57A-419B-9503-5F0977704E0D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88E2AF89-F57A-419B-9503-5F0977704E0D}" => removed successfully
C:\Windows\System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1339ADD2-521B-44C9-B73D-DC1119D7F109}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => not found
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\WacHidRouterPro" => removed successfully
WacHidRouterPro => service removed successfully
"HKLM\System\CurrentControlSet\Services\wacommousefilter" => removed successfully
wacommousefilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\wacomrouterfilter" => removed successfully
wacomrouterfilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\wacomvhid" => removed successfully
wacomvhid => service removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Error setting value.
"HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => not found
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => not found
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Adobe.Acrobat.ContextMenu" => removed successfully
"HKLM\Software\Classes\CLSID\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" => removed successfully
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE" => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Adobe.Acrobat.ContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
C:\Users\Michael\AppData\Local\Temp => ":63MAdpyY1TlBggcQh5M3" ADS could not remove.
C:\Users\Michael\AppData\Local\Temporary Internet Files => ":XjdPWZUNKaGV3SPUMB4PcMh" ADS could not remove.

========= BCDEDIT /ENUM ALL =========

The boot configuration data store could not be opened.
Access is denied.

========= End of CMD: =========


========= fltmc instances =========

Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
luafv                 C:                                      135000       luafv                    0    
Spyshelter            \Device\Mup                              84000       Spyshelter instance      0    
Spyshelter            C:                                       84000       Spyshelter instance      0    
Spyshelter            \Device\HarddiskVolume1                  84000       Spyshelter instance      0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
FileInfo              \Device\HarddiskVolume1                  45000       FileInfo                 0    

========= End of CMD: =========


========================= Folder: C:\Windows\System32\Drivers ========================

2009-06-10 12:30 - 2009-06-10 12:30 - 003440660 ____A [7F29903CB8F5590D52DB0C9F97049A25] () C:\Windows\System32\Drivers\gm.dls
2009-07-13 14:13 - 2009-06-10 12:30 - 000000646 ____A [7111BFA692A22E4B3C07F1E6C6FF6F72] () C:\Windows\System32\Drivers\gmreadme.txt
2017-07-22 08:56 - 2015-05-28 20:30 - 000008657 ____A [22C7579BB03241829184D21EF69668AB] () C:\Windows\System32\Drivers\gwdrv.cat
2017-07-22 08:56 - 2015-05-28 20:15 - 000003102 ____A [61F60C794F0B40A68BAC6B61A5145311] () C:\Windows\System32\Drivers\gwdrv.inf
2017-07-22 08:56 - 2015-05-28 20:15 - 000033248 ____A [3CF2C2F026B06D3F6B9A402DD50D5C9B] (SecureMix LLC) C:\Windows\System32\Drivers\gwdrv.sys
2009-07-13 14:53 - 2009-06-10 12:31 - 000031232 ____A [F2523EF6460FC42405B12248338AB2F0] (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000122368 ____A [97BFED39B6B79EB12CDDBFEED51F56BB] (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2014-11-21 12:13 - 2011-11-10 02:04 - 000060184 ____A [6B01B7414A105B9E51652089A03027CF] (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2009-07-13 15:31 - 2009-07-13 15:31 - 000026624 ____A [78E86380454A7B10A5EB255DC44A355F] (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys
2009-07-13 16:06 - 2009-07-13 16:06 - 000100864 ____A [7FD2A313F7AFE5C4DAB14798C48DD104] (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2014-12-12 20:26 - 2013-07-02 20:05 - 000076800 ____A [597C3699384E53CC59587ED50CCE5CA2] (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2009-07-13 16:06 - 2009-07-13 16:06 - 000046592 ____A [0A77D29F311B88CFAE3B13F9C1A73825] (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys
2016-09-14 14:17 - 2016-03-02 15:05 - 000013776 ____A [436646F307122622978338DE503FCB13] (Windows ® Win 7 DDK provider) C:\Windows\System32\Drivers\hidkmdf.sys
2014-12-12 20:26 - 2013-07-02 20:05 - 000032896 ____A [856E76B3641746ABBC2946BED1372098] (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000030208 ____A [9592090A7E2B61CD582B612B6DF70536] (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000078720 ____A [39D2ABCD392F3D8A6DCE7B60AE7B8EFC] (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys
2015-04-15 17:07 - 2015-02-24 19:18 - 000754688 ____A [F61634BEC53F73702A10DE69F6DCAF57] (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000014720 ____A [A5462BD6884960C9DC85ED49D34FF392] (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys
2009-07-13 15:19 - 2009-07-13 15:19 - 000105472 ____A [FA55C73D4AFFA7EE23AC4BE53B4592D3] (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2014-12-13 18:32 - 2011-03-10 22:41 - 000410496 ____A [AAAF44DB3BD0B9D1FB6969B23ECC8366] (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000044112 ____A [5C18831C61933628F5BB0EA2675B9D21] (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys
2009-07-13 15:19 - 2009-07-13 17:48 - 000016960 ____A [F00F20E70C6EC3AA366910083A0518AA] (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2014-11-21 12:13 - 2012-02-21 13:10 - 000015128 ____A [218490329DCB35D866E642BBC09D3A5A] () C:\Windows\System32\Drivers\IntelMEFWVer.dll
2009-07-13 15:19 - 2009-07-13 15:19 - 000062464 ____A [ADA036632C664CAA754079041CF1F8C1] (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000082944 ____A [C9F0E1BD74365A8771590E9008D22AB6] (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000078848 ____A [0FC1AEA580957AA8817B8F305D18CA3A] (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000116224 ____A [AF9B39A7E7B6CAA203B3862582E9F2D0] (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2009-07-13 16:09 - 2009-07-13 16:09 - 000120320 ____A [05360B1EA5A2ABF620D1D96EBD8BD8F1] (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2009-07-13 16:08 - 2009-07-13 16:08 - 000017920 ____A [3ABF5E7213EB28966D55D58B515D5CE9] (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2009-07-13 15:31 - 2009-07-13 17:48 - 000020544 ____A [2F7B28DC3E1183E5EB418DF55C204F38] (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2012-02-07 13:12 - 2012-02-07 13:12 - 000016152 ____A [6BCEF45131C8B8E1C558BE540B190B3C] (Intel Corporation) C:\Windows\System32\Drivers\iusb3hcs.sys
2012-02-07 13:12 - 2012-02-07 13:12 - 000356120 ____A [F080EADA8715F811B58BD35BB774F2F9] (Intel Corporation) C:\Windows\System32\Drivers\iusb3hub.sys
2012-02-07 13:12 - 2012-02-07 13:12 - 000787736 ____A [0F1756D9396740F053221FA6260FCE66] (Intel Corporation) C:\Windows\System32\Drivers\iusb3xhc.sys
2009-07-13 15:19 - 2009-07-13 17:48 - 000050768 ____A [BC02336F1CBA7DCC7D1213BB588A68A5] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000033280 ____A [0705EFF5B42A9DB58548EEC3B26BB484] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000243712 ____A [24FBF5CC5C04150073C315A7C83521EE] (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2016-08-10 07:33 - 2016-07-08 07:37 - 000095464 ____A [CFBA6BCBBDC7E33813D92FFB3460FA07] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2016-08-10 07:33 - 2016-07-08 07:37 - 000154856 ____A [CE66825289EE8326CB52C4E9E785ACB0] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000020992 ____A [6869281E78CB31A43E969F06B57347C4] (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys
2011-09-19 16:54 - 2011-09-19 16:54 - 000108656 ____A [FC010C7814DDAC17389A7D87EA2EBB39] (Atheros Communications, Inc.) C:\Windows\System32\Drivers\L1C62x64.sys
2009-07-13 16:08 - 2009-07-13 16:08 - 000060928 ____A [1538831CF8AD2979A04C423779465827] (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000114752 ____A [1A93E54EB0ECE102495A51266DCDB6A6] (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000106560 ____A [1047184A9FDC8BDBFF857175875EE810] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000065600 ____A [30F5C0DE1EE8B5BC9306C1F0E4A75F93] (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000115776 ____A [0504EACAFF0D3C8AED161C4B0D369D4A] (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys
2009-07-13 15:26 - 2009-07-13 15:26 - 000113152 ____A [43D0F98E1D56CCDDB0D5254CFF7B356E] (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2009-07-13 16:01 - 2009-07-13 16:01 - 000022016 ____A [3C9F072F9DCA856B9FB7A20CBD4281AC] (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2009-06-10 12:37 - 2009-07-13 17:48 - 000035392 ____A [A55805F747C6EDB6A9080D7C633BD0F4] (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000284736 ____A [BAF74CE0072480C3B6B7C13B2A94D6B3] (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys
2006-11-10 04:50 - 2006-11-10 04:50 - 000016382 ____A [647D818C6FC82F385EBFBBD4FB2DEF6D] () C:\Windows\System32\Drivers\merlinC.rom
2009-07-13 16:10 - 2009-07-13 16:10 - 000040448 ____A [800BA92F7010378B09F9ED9270F07137] (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2009-07-13 15:38 - 2009-07-13 15:38 - 000030208 ____A [B03D591DC7DA45ECE20B3B467E6AADAA] (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2009-07-13 15:19 - 2009-07-13 17:48 - 000049216 ____A [7D27EA49F3C1F687D357E77A470AEA99] (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000031232 ____A [D3BF052C40B0C4166D9FD86A4288C1E6] (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2015-08-26 10:40 - 2015-07-15 10:15 - 000094656 ____A [67050452C0118BAF2883928E6FCCFE47] (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000155008 ____A [A44B420D30BD56E145D6A2BC8768EC58] (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2009-07-13 16:08 - 2009-07-13 16:08 - 000077312 ____A [6C38C9E45AE0EA2FA5E551F2ED5E978F] (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2016-02-10 06:36 - 2016-01-07 09:42 - 000141312 ____A [D7ADC2B83CA0B0381F75A98351F72CEE] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2016-08-10 07:33 - 2016-07-08 06:57 - 000159744 ____A [B7FADA5E1E55BB63F90EB9F8F016113B] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 000291328 ____A [34AFF1849B3EC042C40C5EEC9D78562A] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 000129536 ____A [058CE7A55E140EB0C72FBA6FD2FA72DE] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000031104 ____A [C25F0BAFA182CBCA2DD3C851C2E75796] (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000140672 ____A [DB801A638D011B9633829EB6F663C900] (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2009-07-13 15:19 - 2009-07-13 15:19 - 000026112 ____A [AA3FB40E17CE1388FA1BEDAB50EA8F96] (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2014-11-21 12:19 - 2014-11-21 12:19 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2014-12-11 19:02 - 2014-12-11 19:02 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2016-09-14 14:19 - 2016-09-14 14:19 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2017-09-20 18:47 - 2017-09-20 18:47 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_wachidrouter_01011.Wdf
2016-09-14 14:19 - 2016-09-14 14:19 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-11-20 14:24 - 2014-11-20 14:24 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-12 20:34 - 2012-11-28 14:56 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-12-12 23:16 - 2012-06-02 06:57 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2009-07-13 16:06 - 2009-07-13 16:06 - 000008192 ____A [F9D215A46A8B9753F61767FA72A20326] (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys
2009-07-13 15:19 - 2009-07-13 17:48 - 000015424 ____A [D916874BBD4F8B07BFB7FA9B3CCAE29D] (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2014-12-12 19:14 - 2014-02-03 18:35 - 000274880 ____A [96BB922A0981BC7432C8CF52B5410FE6] (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000011136 ____A [49CCF2C4FEA34FFAD8B1B59D49439366] (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000007168 ____A [BDD71ACE35A232104DDD349EE70E1AB3] (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000006784 ____A [4ED981241DB27C3383D72092B618A1D0] (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000366976 ____A [759A9EEB0FA9ED79DA1FB7D4EF78866D] (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2009-07-13 15:31 - 2009-07-13 17:48 - 000032320 ____A [0EED230E37515A0EAEE3C2E1BC97B288] (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000008064 ____A [2E66F9ECB30B4221A318C92AC2250779] (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2009-07-13 16:02 - 2009-07-13 16:02 - 000015360 ____A [7EA404308934E675BFFDE8EDF0757BCD] (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys
2009-07-13 15:23 - 2009-07-13 17:48 - 000060496 ____A [F9A18612FD3526FE473C1BDA678D61C8] (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2015-11-11 06:37 - 2015-10-12 20:57 - 000950720 ____A [F7309F42555F8AAB7144A51A1F2585B0] (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2009-07-13 16:08 - 2009-07-13 16:08 - 000035328 ____A [9F9A1F53AAD7DA4D6FEF5BB73AB811AC] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000024064 ____A [30639C932D9FEF22B31268FE25A1B6E5] (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000056832 ____A [136185F9FB2CC61E573E676AA5402356] (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000164352 ____A [53F7305169863F0A2BDDC49E116C2E11] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000057856 ____A [015C0D8E0E0421B4CFD48CFFE2825879] (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2009-07-13 16:09 - 2009-07-13 16:09 - 000044544 ____A [86743D9F5D2B1048062B14B1D84501C4] (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2016-07-29 08:50 - 2016-05-11 06:58 - 000262144 ____A [E47D571FEC2C76E867935109AB2A770C] (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2014-12-12 20:31 - 2013-11-26 03:40 - 000376768 ____A [3555BA97171CD153118F73FDCCC8BFDE] (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2009-07-13 13:59 - 2009-07-13 17:48 - 000051264 ____A [77889813BE4D166CDAB78DDBA990DA92] (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2009-07-13 15:19 - 2009-07-13 15:19 - 000044032 ____A [1E4C4AB5C9B8DD13179BBDC75A2A01F7] (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2009-07-13 15:21 - 2009-07-13 15:21 - 000024576 ____A [E7F5AE18AF4168178A642A9247C63001] (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2016-03-09 06:41 - 2016-01-11 11:11 - 001684416 ____A [47B2D0B31BDC3EBE6090228E2BA3764D] (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2009-07-13 15:19 - 2009-07-13 15:19 - 000006144 ____A [9899284589F75FA8724FF3D16AED75C1] (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2009-07-13 15:38 - 2009-07-13 17:48 - 000122960 ____A [270D7CD42D6E3979F6DD0146650F0E05] (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2014-11-21 12:58 - 2012-07-03 08:25 - 000189288 ____A [1F07B814C0BB5AABA703ABFF1F31F2E8] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2014-11-21 12:58 - 2013-01-10 17:15 - 011009312 ____A [993D73A8090C957230DE4E14AA9C5DFF] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-12-13 18:32 - 2011-03-10 22:41 - 000148352 ____A [0A92CB65770442ED0DC44834632F66AD] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2014-12-13 18:32 - 2011-03-10 22:41 - 000166272 ____A [DAB0E87525C10052BF65F06152F37E4A] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2009-07-13 16:07 - 2009-07-13 16:07 - 000318976 ____A [1EA3749C4114DB3E3161156FFFFA6B33] (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2009-07-13 16:06 - 2009-07-13 16:06 - 000072832 ____A [3589478E4B22CE21B41FA1BFC0B8B8A0] (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000131584 ____A [0557CF5A2556BD58E26384169D72438D] (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000097280 ____A [0086431C29C35BE1DBC43F52CC273887] (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2014-12-12 19:15 - 2012-03-16 23:58 - 000075120 ____A [E9766131EEADE40A27DC27D2D68FBA9C] (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000184704 ____A [94575C0571D1462A0F70BDE6BD6EE6B3] (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2009-07-13 15:19 - 2009-07-13 17:45 - 000012352 ____A [B5B8B5EF2E5CB34DF8DCF8831E3534FA] (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2009-07-13 15:19 - 2009-07-13 17:45 - 000048720 ____A [144497DAA145BA0F7BE896064146C058] (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2009-07-13 15:31 - 2009-07-13 17:45 - 000220752 ____A [B2E81D4E87CE48589F98CB8C05B01F2F] (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2009-07-13 15:19 - 2009-07-13 17:45 - 000050768 ____A [D6B9C2E1A11A3A4B26A182FFEF18F603] (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys
2015-03-10 13:44 - 2015-02-02 19:19 - 000663552 ____A [ED6E75158D28D33A2E2A020AC5B2B59D] (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2016-01-13 06:44 - 2015-12-08 10:12 - 000230400 ____A [647599CAE8CA0EF2FB09C4B150BC97FF] (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2009-07-13 15:19 - 2009-07-13 15:19 - 000060416 ____A [0D922E23C041EFB1C3FAC2A6F943C9BF] (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2014-11-25 17:36 - 2009-07-09 04:00 - 000055280 ____A [4712CC14E720ECCCC0AA16949D18AAF1] (Sonic Solutions) C:\Windows\System32\Drivers\PxHlpa64.sys
2009-06-10 12:37 - 2009-07-13 17:45 - 001524816 ____A [A53A15A11EBFD21077463EE2C7AFEEF0] (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2009-07-13 13:59 - 2009-07-13 17:45 - 000128592 ____A [4F6D12B51DE1AAEFF7DC58C4D75423C8] (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2009-07-13 16:09 - 2009-07-13 16:09 - 000046592 ____A [76707BB36430888D9CE9D705398ADB6C] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000014848 ____A [5A0DA8AD5762FA2D91678A8A01311704] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000129536 ____A [471815800AE33E6F1C32FB1B97C490CA] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000092672 ____A [855C9B1CD4756C5E9A2AA58A15F58C25] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000111104 ____A [F92A2C41117A11A00BE01CA01A7FCDE9] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000083968 ____A [E8B1E447B008D07FF47D016C2B0EEECB] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000309248 ____A [77F665941019A1594D887A74F301FA2F] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2009-07-13 16:17 - 2009-07-13 16:17 - 000024064 ____A [302DA2A0539F2CF54D7C6CC30C1F2D8D] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys
2009-07-13 16:16 - 2009-07-13 16:16 - 000007680 ____A [CEA6CC257FC9B7715F1C2B4849286D24] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2009-07-13 16:16 - 2009-07-13 16:16 - 000007680 ____A [BB5971A4F00659529A5C44831AF22365] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2009-07-13 16:16 - 2009-07-13 16:16 - 000008192 ____A [216F3FA57533D98E1F74DED70113177A] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys
2014-12-12 19:12 - 2014-07-16 17:21 - 000212480 ____A [FE571E088C2D83619D2D48D4E961BF41] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000213888 ____A [34ED295FA0121C241BFEF24764FC4520] (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys
2009-07-13 16:06 - 2009-07-13 16:06 - 000158720 ____A [3DD798846E2C28102B922C56E71B7932] (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys
2015-12-09 06:34 - 2015-11-05 01:53 - 000146944 ____A [5BD6B1EC997FF3DD779D62E05D2079A8] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2014-12-12 20:27 - 2012-07-04 12:26 - 000041472 ____A [0E01641D96889BDEB22DE12D30575B08] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2009-07-13 16:10 - 2009-07-13 16:10 - 000011264 ____A [388D3DD1A6457280F3BADBA9F3ACD6B1] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2009-07-13 16:08 - 2009-07-13 16:08 - 000076800 ____A [DDC86E4F8E7456261E637E3552E804FF] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2010-09-29 07:01 - 2010-09-29 07:01 - 000695400 ____A [A332DB1DAC07E95667A57AAEEC236C37] (Realtek Semiconductor Corporation ) C:\Windows\System32\Drivers\RTL8192su.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000103808 ____A [AC03AF3329579FFFB455AA2DAABBE22B] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000029696 ____A [253F38D0D7074C02FF8DEB9836C97D2B] (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000171392 ____A [1B1E264203D4EF9D3DA1987AD70355AB] (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2009-07-13 18:36 - 2009-06-10 12:37 - 000023040 ____A [3EA8A16169C26AFBEB544E0E48421186] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000023552 ____A [CB624C0035412AF0DEBEC78C41F5CA1B] (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000094208 ____A [C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] (Brother Industries Ltd.) C:\Windows\System32\Drivers\serial.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000026624 ____A [1C545A7D0691CC4A027396535691C3E3] (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2009-07-13 16:35 - 2009-07-13 16:35 - 000012288 ____A [DECACB6921DED1A38642642685D77DAC] (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys
2009-07-13 16:01 - 2009-07-13 16:01 - 000014336 ____A [A554811BCD09279536440C964AE35BBF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2009-07-13 16:01 - 2009-07-13 16:01 - 000013824 ____A [FF414F0BAEFEBA59BC6C04B3DB0B87BF] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000014336 ____A [DD85B78243A19B59F0637DCF284DA63C] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2009-07-13 16:01 - 2009-07-13 16:01 - 000016896 ____A [A9D601643A1647211A1EE2EC4E433FF4] (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2009-06-10 12:37 - 2009-07-13 17:45 - 000043584 ____A [843CAF1E5FDE1FFD5FF768F23A51E2E1] (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys
2009-07-13 13:59 - 2009-07-13 17:45 - 000080464 ____A [6A6C106D42E9FFFF8B9FCB4F754F6DA4] (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2009-07-13 16:09 - 2009-07-13 16:09 - 000093184 ____A [548260A7B8654E024DC30BF8A7C5BAA4] (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2009-07-13 16:00 - 2009-07-13 16:00 - 000020992 ____A [A80348BA03E96C70852959655CA3E084] (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2009-07-13 12:27 - 2009-07-13 17:45 - 000019008 ____A [B9E31E5CACDFE584F34F730A677803F9] (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2009-06-10 12:48 - 2009-06-10 12:48 - 000426496 ____A [FFF95479C7AB1550F0750A5D01744211] (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2016-07-29 08:50 - 2016-05-12 06:58 - 000464896 ____A [F2F4B895296EE3ECCE781CC2A296A5D1] (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2016-07-29 08:50 - 2016-05-12 06:58 - 000405504 ____A [FD0008BEDD2723170CCA7D61837DFD52] (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2016-07-29 08:50 - 2016-05-12 06:58 - 000168960 ____A [63B5845D9379262083655D5C6AB8DFC5] (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2009-07-13 13:59 - 2009-07-13 17:45 - 000024656 ____A [F3817967ED533D08327DC73BC4D5542A] (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys
2014-12-12 19:14 - 2014-02-03 18:35 - 000190912 ____A [A3F0BC5897F9D3786A3CB695B163633A] (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2015-06-10 03:52 - 2015-04-10 19:19 - 000069888 ____A [36E0DDD19038C92B7C7709BFA03F813F] (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2009-07-13 16:00 - 2009-07-13 17:45 - 000012496 ____A [D01EC09B6711A5F8E7E6564A4D0FBC90] (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2017-08-30 18:20 - 2017-08-30 18:20 - 000027136 ____A [134B275751051C5D03F9ACCDC4F8CAAB] (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2009-07-13 16:01 - 2009-07-13 16:01 - 000029184 ____A [6E316C01CBA8B785FE495F5CC4F48C6F] (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2014-12-12 20:31 - 2014-04-04 18:47 - 001903552 ____A [04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-12-12 20:34 - 2012-10-03 08:07 - 000045568 ____A [1B16D0BD9841794A6E0CDE0CEF744ABC] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000026624 ____A [6F020A220388ECA0AB6062DC27BD16B6] (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2009-07-13 16:16 - 2009-07-13 16:16 - 000015872 ____A [3371D21011695B16333A3934340C4E7C] (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2014-12-11 19:57 - 2012-02-16 20:57 - 000023552 ____A [51C5ECEB1CDEE2468A1748BE550CFBC8] (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2015-11-11 06:37 - 2015-10-13 08:40 - 000118272 ____A [AA77EB517D2F07A947294F260E3ACA83] (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000063360 ____A [561E7E1F06895D78DE991E01DD0FB6E5] (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2015-05-02 15:01 - 2018-04-22 08:30 - 000028272 ____A [0D5A09B08568760AE85A801FCBC0F83D] () C:\Windows\System32\Drivers\TrueSight.sys
2014-12-12 19:12 - 2014-07-16 17:21 - 000039936 ____A [E232A3B43A894BB327FC161529BD9ED1] (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000059392 ____A [D11C783E3EF9A3C52C0EBE83CC5000E9] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2010-11-20 19:23 - 2010-11-20 19:23 - 000031232 ____A [9CC2CCAE8A84820EAECB886D477CBCB8] (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2010-11-20 19:24 - 2010-11-20 19:24 - 000125440 ____A [3566A8DAAFA27AF944F5D705EAA64894] (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2009-07-13 15:38 - 2009-07-13 17:45 - 000064080 ____A [B4DD609BD7E282BFC683CEC7EAAAAD67] (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2010-11-20 19:23 - 2010-11-20 19:23 - 000328192 ____A [FF4232A1A64012BAA1FD97C7B67DF593] (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2009-07-13 15:38 - 2009-07-13 17:45 - 000064592 ____A [4BFE1BC28391222894CBF1E7D0E42320] (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2010-11-20 19:23 - 2010-11-20 19:23 - 000048640 ____A [DC54A574663A895C8763AF0FA1FF7561] (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2009-07-13 16:06 - 2009-07-13 16:06 - 000009728 ____A [B2E8E8CB557B156DA5493BBDDCC1474D] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2014-11-24 13:03 - 2012-02-07 13:12 - 000041984 ____A [B420192A178C6D7E5773685B3F8C8BF8] (Intel Corporation) C:\Windows\System32\Drivers\USB3Ver.dll
2014-12-12 20:34 - 2013-02-11 20:12 - 000019968 ____A [92B3172E8C14C1444682F510843A9988] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

====== End of Folder: ======


========= Reg query "HKLM\SYSTEM\Select" =========


HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x2



========= End of Reg: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4D903AE9-425C-46AE-85F4-F6F084EBE7F4} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11248242 B
Java, Flash, Steam htmlcache => 716 B
Windows/system/drivers => 686010 B
Edge => 0 B
Chrome => 23598355 B
Firefox => 20814571 B
Opera => 182272 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1058 B
systemprofile32 => 33056 B
LocalService => 66563 B
NetworkService => 33058 B
Michael => 22825057 B
UpdatusUser => 0 B
Scrub => 531797674 B
Classic .NET AppPool => 0 B
DefaultAppPool => 33058 B

RecycleBin => 0 B
EmptyTemp: => 591 MB temporary data Removed.

================================
 



#6 Michael Ortega

Posted 23 April 2018 - 01:33 PM

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-11.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-23-2018
# Duration: 00:00:03
# OS:       Windows 7 Ultimate
# Cleaned:  12
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
Deleted       C:\Users\Public\Desktop\Free YouTube Downloader.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       FromDocToPDF
Deleted       ????? Mail.Ru
Deleted       ???????? ???????? Mail.Ru
Deleted       ?????????? ???????? Mail.Ru
Deleted       ????? Mail.Ru
Deleted       ???????? ???????? Mail.Ru

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       Ask
Deleted       AOL
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

Not Deleted   MyPrivateSearch

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 



#7 JSntgRvr

  • Malware Response Team
Posted 23 April 2018 - 02:01 PM

Were you successful running ESET online scanner?

Edited by JSntgRvr, 23 April 2018 - 02:06 PM.
typo

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Michael Ortega

Posted 23 April 2018 - 02:48 PM

Running the ESET right now.



#9 Michael Ortega

Posted 23 April 2018 - 04:09 PM

ESET results

 

C:\Users\Michael\Downloads\ccsetup528.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Michael\Downloads\ccsetup536.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Michael\Downloads\Desktop\Security\ccsetup530.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
Autostart locations    Win32/Bundled.Toolbar.Google.D potentially unsafe application  



#10 JSntgRvr

Posted 23 April 2018 - 05:30 PM

Those are false positives. Run RogueKiller and post its report to confirm.




#11 JSntgRvr

Posted 26 April 2018 - 08:51 AM

Are you still with us?




#12 JSntgRvr

Posted 02 May 2018 - 01:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
