
Embedded Rootkit has my computer under control!


  • This topic is locked
16 replies to this topic

#1 Rootkiller


Posted 26 April 2018 - 10:47 AM

I have an Embedded Rootkit that has my computer under control! Will not let me reinstall Win Vista, I tried fixing the MBR, flashed the BIOS! I tried running rootkit programs and it stops the programs from running!! Will not let me run Rootkit reveal, stops Combo fix by saying it's out of date and so on, tried to run Partition manager to clean the drive and was unable!! When I try to reinstall Win Vista it goes thru the process of installing, but will not install a new copy of Win!! It does not ask for the product key!!! I know it's still there!!! I have more than one computer that is infected, also it infected my external hard drive!! My computers are Dell and one of them has the Dell recovery partition intact!! But I'm not able to restore to factory settings!!! Are the computers TOAST?? Walt





#2 JohnC_21


Posted 26 April 2018 - 11:55 AM

From your post am I correct in assuming you have a Vista Disk with a key to reinstall Vista?



#3 Rootkiller


Posted 26 April 2018 - 12:08 PM

Yes I do!!! I also tried installing Win XP and it went in to saving my computer ha ha ha!! Also tried Win 10, it will not let me install, tried repairing Windows and no success!! Just tried running FRST.exe and it stopped the program. Not responding!!! It is evolving, every time I kick in the side it fixes the entry and stops the program from running! Not able to do anything in Safe mode!! The scammers called me from Windows tech support, it shows you have a virus let us help you!! "888-623-3522" I don't know if this helps to determine what Rootkit I have on the computer. Thanks



#4 JohnC_21


Posted 26 April 2018 - 12:18 PM

FYI as you know Vista is no longer supported with Security Updates from Microsoft and therefore is vulnerable to malware attacks.

 

The following will completely wipe the disk so if you have any data back it up first. You may also need to download some drivers after install.

 

Boot the Vista Disk. When you get to the window asking for a language, press the Shift + F10 keys, which will open a command prompt window. Type the following commands.

diskpart
list disk
select disk X     Where X is the number of the drive you will be installing Vista to. Make sure you have selected the correct disk, as it will be wiped. On a single-disk computer this will be 0.
clean all         This will zero wipe the disk and, depending on the size, will take some time. It finishes when you see the prompt again.
convert MBR       Initializes the disk as an MBR partition table. If you get an error, ignore it.
exit              Exits diskpart.
exit              Exits the command prompt.

 

Continue with the install. Select Custom Install. You will see your disk as unallocated. Click next and Windows will automatically partition and format the drive.


Edited by JohnC_21, 26 April 2018 - 12:19 PM.


#5 Rootkiller


Posted 26 April 2018 - 01:38 PM

Yes I know, I have a Win 7 upgrade disk, but it's not worth the trouble to upgrade with the Rootkit having control of the computer. Just went thru the process you asked me to perform!! At list disk all I have is disk 0, so I selected disk 0 and it says "The selected disk necessary to the operation of your computer, and may not be cleaned!!!!" So as you can see it will not let me perform any tasks.

At command prompt: X:\sources > diskpart > list disk > it lists disk 0. The selected disk necessary to the operation of your computer, and may not be cleaned!!!! Am I in the right place??? Or is it playing games with me?? I finally ran FRST.exe, who do I send the Notepad information to and how. Sorry, this is the only way I know to send it to you! Thanks Walt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018
Ran by Walt (administrator) on WALT-PC (26-04-2018 10:46:18)
Running from C:\Users\Walt\Downloads
Loaded Profiles: Walt (Available Profiles: Walt)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nPMBRGuard] => C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe [616752 2013-03-28] (INCA Internet Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-25] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{C1970AC4-C7DB-4BE3-9949-5098FC23783E}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390778279-201454918-2172237936-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-25] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default [2018-04-26]
CHR Extension: (Slides) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-25]
CHR Extension: (Docs) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-25]
CHR Extension: (Google Drive) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-25]
CHR Extension: (YouTube) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-25]
CHR Extension: (Sheets) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Gmail) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-25] (AVAST Software)
R2 MBRGuardSvc; C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe [211248 2013-03-20] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-25] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-04-25] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-04-25] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-04-25] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-04-25] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [180984 2018-04-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-25] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-25] (AVAST Software)
S3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205352 2018-04-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-25] (AVAST Software)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
R1 TKDac; C:\Windows\system32\tkdacxp.sys [144496 2013-07-16] (INCA Internet Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 09:29 - 2018-04-26 09:29 - 000013015 _____ C:\ComboFix.txt
2018-04-26 09:18 - 2011-06-25 23:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-26 09:18 - 2010-11-07 10:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-26 09:18 - 2009-04-19 21:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-26 09:13 - 2018-04-26 09:14 - 000002380 _____ C:\Users\Walt\Desktop\Rkill.txt
2018-04-26 08:59 - 2018-04-26 09:15 - 000025676 _____ C:\Users\Walt\Downloads\Addition.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000025532 _____ C:\Users\Walt\Downloads\FRST.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000000000 ____D C:\FRST
2018-04-26 08:18 - 2018-04-26 08:18 - 000037096 _____ C:\Users\Walt\Downloads\Mole02Decryptor.zip
2018-04-26 08:17 - 2018-04-26 08:17 - 002066432 _____ (Farbar) C:\Users\Walt\Downloads\FRST.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 005659794 ____R (Swearware) C:\Users\Walt\Downloads\ComboFix.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Walt\Downloads\rkill.exe
2018-04-26 08:15 - 2018-04-26 08:15 - 001790024 _____ (Malwarebytes) C:\Users\Walt\Downloads\JRT.exe
2018-04-26 08:14 - 2018-04-26 08:14 - 004198400 _____ C:\Users\Walt\Downloads\CybereasonRansomFree.msi
2018-04-25 18:43 - 2008-05-26 22:21 - 001582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-04-25 18:43 - 2008-05-26 22:21 - 001418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 006103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-04-25 18:43 - 2008-05-26 21:59 - 000106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2018-04-25 18:43 - 2008-05-26 21:59 - 000018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2018-04-25 18:43 - 2007-11-08 02:04 - 011967524 _____ C:\Windows\system32\korwbrkr.lex
2018-04-25 18:37 - 2010-04-14 10:47 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2018-04-25 18:37 - 2010-04-14 10:47 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2018-04-25 18:37 - 2010-04-14 10:46 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2018-04-25 18:37 - 2008-04-22 21:41 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2018-04-25 18:17 - 2010-02-20 16:39 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-04-25 18:17 - 2010-02-20 16:37 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2018-04-25 18:17 - 2010-02-20 14:18 - 000411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-25 18:14 - 2009-10-09 14:56 - 001181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2018-04-25 18:14 - 2009-10-09 14:55 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2018-04-25 18:14 - 2009-07-31 23:27 - 000201184 _____ C:\Windows\system32\winrm.vbs
2018-04-25 18:14 - 2009-07-16 10:30 - 000004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2018-04-25 18:14 - 2009-07-16 10:30 - 000002426 _____ C:\Windows\system32\WsmTxt.xsl
2018-04-25 18:06 - 2011-07-06 07:56 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-25 18:06 - 2011-02-22 05:51 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-04-25 18:06 - 2011-02-16 08:29 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-25 18:06 - 2011-02-16 06:24 - 000292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-25 18:06 - 2010-08-26 09:07 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-25 18:06 - 2010-06-28 09:15 - 001315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-25 18:06 - 2010-06-16 08:12 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-25 18:06 - 2010-04-05 09:08 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2018-04-25 18:06 - 2010-02-18 07:11 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2018-04-25 18:06 - 2010-02-18 04:52 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2018-04-25 18:06 - 2009-12-28 05:35 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2018-04-25 18:06 - 2009-08-10 06:05 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2018-04-25 18:06 - 2009-07-10 05:21 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2018-04-25 18:06 - 2009-06-15 08:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2018-04-25 18:06 - 2009-03-02 20:04 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2018-04-25 18:06 - 2009-03-02 19:38 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2018-04-25 18:05 - 2011-04-20 07:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-25 18:05 - 2011-04-20 07:44 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-25 18:05 - 2010-10-28 05:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-25 18:05 - 2010-08-20 08:21 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2018-04-25 18:05 - 2010-06-18 09:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2018-04-25 18:05 - 2010-01-21 08:59 - 000062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2018-04-25 18:05 - 2010-01-14 17:04 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2018-04-25 18:05 - 2009-06-10 05:12 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-04-25 18:05 - 2008-10-20 22:25 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 012240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 002644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2018-04-25 18:04 - 2010-01-25 05:45 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2018-04-25 18:04 - 2010-01-25 01:35 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2018-04-25 18:04 - 2010-01-25 01:35 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2018-04-25 18:04 - 2009-08-14 09:29 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2018-04-25 18:04 - 2009-08-14 09:29 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-04-25 18:04 - 2009-08-14 07:16 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2018-04-25 18:04 - 2009-08-14 07:16 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2018-04-25 18:04 - 2009-07-11 12:32 - 000513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2018-04-25 18:04 - 2009-07-11 12:29 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2018-04-25 18:04 - 2009-07-11 10:18 - 002501921 _____ C:\Windows\system32\wlan.tmf
2018-04-25 18:04 - 2008-06-25 20:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2018-04-25 18:03 - 2011-03-03 07:56 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2018-04-25 18:03 - 2011-03-03 06:01 - 004240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2018-04-25 18:03 - 2010-09-10 11:18 - 010626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-04-25 18:03 - 2010-09-10 09:37 - 008147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-04-25 18:03 - 2009-07-14 06:00 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-04-25 18:03 - 2009-07-14 05:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-04-25 18:03 - 2009-07-14 01:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2018-04-25 18:03 - 2009-07-14 01:30 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2018-04-25 18:03 - 2008-03-07 21:21 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2018-04-25 18:03 - 2008-02-29 00:14 - 000019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2018-04-25 18:03 - 2008-02-29 00:11 - 000988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-25 18:03 - 2008-02-29 00:11 - 000927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-04-25 18:03 - 2008-02-28 23:53 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-25 18:03 - 2008-02-28 23:35 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2018-04-25 18:03 - 2008-02-28 21:12 - 000318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-25 18:03 - 2008-02-28 21:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2018-04-25 18:03 - 2008-02-21 22:05 - 000615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-04-25 18:02 - 2018-04-25 18:02 - 000000000 ____D C:\ProgramData\Google
2018-04-25 18:02 - 2011-04-14 07:24 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-25 18:02 - 2011-02-16 08:35 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-25 18:02 - 2011-02-16 08:32 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 011582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2018-04-25 18:02 - 2010-12-17 09:43 - 002067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-04-25 18:02 - 2010-12-17 08:06 - 000677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-25 18:02 - 2010-10-15 06:48 - 001205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-25 18:02 - 2010-08-31 08:40 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2018-04-25 18:02 - 2009-04-23 05:42 - 000636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-04-25 18:01 - 2010-04-16 09:10 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2018-04-25 17:58 - 2010-12-28 07:57 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2018-04-25 17:58 - 2008-10-21 20:57 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2018-04-25 17:58 - 2008-06-18 20:31 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2018-04-25 17:57 - 2011-03-10 09:12 - 001161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2018-04-25 17:57 - 2011-03-10 09:12 - 001136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-04-25 17:57 - 2011-02-18 06:31 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-25 17:57 - 2010-05-27 12:16 - 000081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2018-04-25 17:57 - 2009-09-10 10:30 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-25 17:57 - 2009-08-10 04:01 - 001399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-04-25 17:57 - 2009-05-04 03:11 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-04-25 17:57 - 2008-04-04 20:34 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2018-04-25 17:57 - 2008-04-04 18:21 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-25 17:56 - 2010-08-17 06:32 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-25 17:56 - 2010-04-05 09:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2018-04-25 17:56 - 2009-07-17 07:35 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2018-04-25 17:56 - 2008-12-05 21:42 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-04-25 17:55 - 2011-06-02 05:59 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-25 17:55 - 2011-04-21 06:16 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-04-25 17:55 - 2010-12-14 08:49 - 001169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2018-04-25 17:55 - 2009-10-23 10:42 - 000714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2018-04-25 17:55 - 2008-06-25 20:29 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2018-04-25 17:55 - 2008-04-17 22:48 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2018-04-25 17:54 - 2010-12-20 08:39 - 000563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2018-04-25 17:54 - 2008-10-15 21:47 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2018-04-25 17:53 - 2008-10-28 23:29 - 002927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-04-25 17:48 - 2010-12-29 10:41 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2018-04-25 17:48 - 2010-12-29 10:39 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2018-04-25 17:48 - 2009-12-23 05:43 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-25 17:48 - 2009-06-15 11:20 - 000439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-25 17:48 - 2009-06-15 08:24 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-25 17:48 - 2009-06-15 08:24 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-25 17:48 - 2009-06-15 08:23 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-25 17:48 - 2009-06-15 08:21 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-25 17:48 - 2009-06-15 05:57 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-25 17:47 - 2011-05-02 08:58 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-04-25 17:47 - 2010-11-06 04:09 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-04-25 17:47 - 2010-11-04 17:53 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2018-04-25 17:47 - 2010-10-18 07:01 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-25 17:47 - 2010-06-11 08:30 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-04-25 17:47 - 2010-04-16 09:10 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2018-04-25 17:47 - 2008-08-11 20:39 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-04-25 17:47 - 2008-08-01 20:26 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-04-25 17:47 - 2008-08-01 18:01 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-04-25 17:47 - 2008-06-25 20:29 - 000565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2018-04-25 17:47 - 2008-06-25 20:29 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2018-04-25 17:47 - 2008-05-19 19:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-04-25 17:47 - 2008-05-09 18:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2018-04-25 17:46 - 2008-06-22 18:59 - 000996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2018-04-25 17:46 - 2008-06-22 18:58 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-04-25 17:45 - 2011-04-12 07:53 - 000890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-25 17:45 - 2009-09-04 05:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2018-04-25 17:45 - 2009-04-23 05:43 - 000784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-25 17:44 - 2011-04-29 07:54 - 000276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-25 17:44 - 2010-06-16 08:59 - 000898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-25 17:44 - 2008-10-20 22:25 - 001645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Roaming\AVAST Software
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Local\CEF
2018-04-25 11:56 - 2009-07-14 10:45 - 000445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2018-04-25 11:55 - 2018-04-25 11:55 - 000001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-25 11:55 - 2018-04-25 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:53 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000205352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-04-25 11:53 - 2018-04-25 11:52 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-25 11:53 - 2018-04-25 11:52 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000180984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-04-25 11:48 - 2018-04-25 11:48 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-25 11:47 - 2009-04-02 05:37 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2018-04-25 11:39 - 2018-04-25 11:39 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 10:44 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\rescache
2018-04-26 10:40 - 2006-11-02 06:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:18 - 2006-11-02 06:01 - 000006362 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-26 09:27 - 2006-11-02 03:23 - 000000215 _____ C:\Windows\system.ini
2018-04-26 07:40 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\inf
2018-04-26 07:40 - 2006-11-02 03:33 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-25 20:12 - 2006-11-02 05:47 - 000228176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-25 19:48 - 2006-11-02 05:37 - 000000000 ____D C:\Program Files\Movie Maker
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\system32\manifeststore
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-25 11:33 - 2006-11-02 05:37 - 000262144 _____ C:\Windows\system32\config\BCD-Template
2018-04-25 11:18 - 2006-11-02 04:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2018-04-25 10:44 - 2018-04-25 10:44 - 000000680 _____ () C:\Users\Walt\AppData\Local\d3d9caps.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
LastRegBack: 2018-04-26 10:44
 
==================== End of FRST.txt ============================


#6 JohnC_21


Posted 26 April 2018 - 01:47 PM

The selected disk is necessary to the operation of your computer, and may not be cleaned!!!! 

 

I never ran into this before. 

 

I suggest we wipe the computer outside of Windows using a Gparted Live CD based on Linux. Download the ISO file and burn it to a CD. Boot the disk and create a new MSDOS partition table. This should wipe the disk; then create a new NTFS primary partition. If you still get an error, post it.

 

https://gparted.org/livecd.php

 

See my post showing screenshots of Gparted.

 

https://www.bleepingcomputer.com/forums/t/675513/force-formatting-a-corrupt-wd-external-hdd-which-causes-file-explorer-to-freeze/?p=4482199

 

The above was for an external drive. Your device will be labeled sda if there is only one drive in the computer.

 

Edit: if you do get an error there is a Linux terminal command that will wipe the disk. Also, you can use a Windows 7 upgrade disk to do a clean install on a wiped drive. Installing Vista first is not required.

 

https://www.sevenforums.com/tutorials/31402-clean-install-upgrade-windows-7-version.html


Edited by JohnC_21, 26 April 2018 - 02:24 PM.


#7 Rootkiller

  • Topic Starter

Posted 27 April 2018 - 08:51 PM

Hi John, I just formatted with Gparted and then in Win at the command prompt did clean all. I also removed the CMOS battery for about 10 minutes. Just started the new install and guess what, it's still here!!! I installed a new hard drive and it did not cure the problem either!!! It's rewritten the operating system and it starts the install from there and never asks for the product key!! Just got an error message "Windows could not update registry data in the installation" "Installation Canceled". How do I remove the old install?? Like I said, I tried to flash the BIOS but I think it did not actually flash the BIOS, it just went thru the motions of doing it. Where can it be hiding??? The bastard has me by the balls!! Thanks Walt



#8 JohnC_21


Posted 27 April 2018 - 09:32 PM

If you created a new partition table in Gparted and then did a clean all command to zero out the drive then it would be impossible for a rootkit to survive. I highly doubt the BIOS has been infected. That is very rare. 

 

The error regarding writing the registry seems to be a common Windows install problem.

 

https://www.google.com/search?q=Windows+could+not+update+registry+data+in+the+installation+%22Installation+Canceled&btnI

 

Edit: You can remove the old install by using the Gparted Live CD and then opening a Terminal. Make absolutely sure you are using the correct device because this will again zero out the drive, or you can simply create a new partition table using Gparted. 

Using the terminal in Gparted you would use the Linux dd command. The Terminal icon will be on the Gparted desktop.

 

http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux


Edited by JohnC_21, 27 April 2018 - 09:36 PM.
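
One way to confirm that a wipe actually reached the start of the disk, as an added example that is not part of the original posts: a read-only shell script for the GParted Live terminal that reports whether sector 0 is all zeros or still holds an MBR boot signature and partition entries. The function names and the sample image are constructed for this illustration.

```shell
#!/bin/sh
# Read-only inspection of sector 0 (the MBR) of a disk or disk image.
# Usage: sh mbrcheck.sh /dev/sda    (root needed for real devices)
# With no argument it runs on a small constructed sample image.

# First 512 bytes of $1 as one lowercase hex string (1024 characters).
sector0_hex() {
    dd if="$1" bs=512 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# "zeroed"       : every byte of sector 0 is 0x00 (the wipe reached it)
# "mbr"          : 0x55AA boot signature present at offset 510
# "no-signature" : non-zero data but no boot signature
mbr_state() {
    hex=$(sector0_hex "$1")
    [ "${#hex}" -eq 1024 ] || { echo "short-read"; return 1; }
    case "$hex" in
        *[!0]*) ;;                      # at least one non-zero nibble
        *) echo "zeroed"; return 0 ;;
    esac
    if [ "$(printf %s "$hex" | cut -c1021-1024)" = "55aa" ]; then
        echo "mbr"
    else
        echo "no-signature"
    fi
}

# Decode a 4-byte little-endian field given as 8 hex characters.
le32() {
    b0=$(printf %s "$1" | cut -c1-2); b1=$(printf %s "$1" | cut -c3-4)
    b2=$(printf %s "$1" | cut -c5-6); b3=$(printf %s "$1" | cut -c7-8)
    echo $((0x$b3$b2$b1$b0))
}

# One line per used slot of the four-entry table at byte offset 446:
# "<slot> 0x<type> <start LBA> <sector count>"
list_partitions() {
    hex=$(sector0_hex "$1")
    [ "${#hex}" -eq 1024 ] || return 1
    slot=1
    while [ "$slot" -le 4 ]; do
        first=$((893 + (slot - 1) * 32))     # 1-based hex column of the entry
        entry=$(printf %s "$hex" | cut -c"$first"-$((first + 31)))
        ptype=$(printf %s "$entry" | cut -c9-10)
        if [ "$ptype" != "00" ]; then
            echo "$slot 0x$ptype $(le32 "$(printf %s "$entry" | cut -c17-24)")" \
                 "$(le32 "$(printf %s "$entry" | cut -c25-32)")"
        fi
        slot=$((slot + 1))
    done
}

# SHA-256 of the 440-byte boot code area, for before/after comparison
# (for example around a boot record repair or a reinstall).
bootcode_sha256() {
    dd if="$1" bs=440 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Constructed sample: 4-sector image with one active NTFS (0x07) entry
# starting at LBA 2048, 204800 sectors long, plus the 0x55AA signature.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=4 2>/dev/null
    printf '\200\000\000\000\007\000\000\000\000\010\000\000\000\040\003\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

report() {
    echo "sector 0 state : $(mbr_state "$1")"
    echo "boot code hash : $(bootcode_sha256 "$1")"
    list_partitions "$1"
}

if [ $# -gt 0 ]; then
    report "$1"
else
    sample=$(mktemp)
    make_sample_image "$sample"
    report "$sample"
    rm -f "$sample"
fi
```

A state of "zeroed" right after the wipe, followed by "mbr" with a single expected partition after the reinstall, shows that the boot sector was rewritten by the installer rather than carried over from the old install.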


#9 Rootkiller

  • Topic Starter

Posted 28 April 2018 - 10:52 AM

Hi John, as I stated I installed a new hard drive and it did not cure the problem!!! So it's not on the hard drive, it must have rewritten the MBR!!! Surely I'm not the only one who has this bastard on their computer. I tried repairing the MBR from the command prompt in CMD and I don't think I was successful, it seems. I will try the steps again in Gparted and see what happens. Thanks Walt



#10 JohnC_21


Posted 28 April 2018 - 11:04 AM

You can do a clean install of Windows 7 using an upgrade disk as I linked to in post #6. Was the error you received during the Vista or Windows 7 install? 

 

The computer originally had Vista installed on it? I never ran into a problem like this so I am running out of ideas. 



#11 Rootkiller

  • Topic Starter

Posted 28 April 2018 - 03:26 PM

Thanks Walt



#12 mike_shupp

mike_shupp

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:san francisco bay area
  • Local time:11:18 PM

Posted 28 April 2018 - 08:04 PM

What the folks at Microsoft seem to think ....

 

This isn't happening for the first time, it seems.  That error message has appeared before --- about 18000 times, according to the font of all information, Google.  (And as JohnC_21 indicated.)   So.

 

1)  At this point you are NOT being root-kitted.  You have an installation problem.

 

2) You think you have formatted the disk, or at least that you gave instructions which should have formatted the disk.

    The installation program on the DVD does not think the disk has been so formatted.

 

3) Probably you have not really formatted the disk.  Helpful hint:  Did you spend 2 hours or so playing solitaire or TV watching or making out with your girlfriend or walking around the neighborhood while the computer formatted the disk?   Or did you give it two minutes and decide "That's long enough!"   Formatting is SLOW.

 

4) Double check and make sure all the connections in your machine are snug and tight.  Enter these commands again:


Edited by mike_shupp, 28 April 2018 - 08:09 PM.


#13 mike_shupp


Posted 28 April 2018 - 08:27 PM

        DISKPART

        LIST DISK

        SELECT DISK 0 (assuming you have just one hard drive)

        CLEAN

        CREATE PARTITION PRIMARY SIZE=102400 (for 100 GB primary, adjust as desired)

        FORMAT FS=NTFS LABEL="VISTA"

        ACTIVE

        EXIT

        EXIT 

 

5)  Go away.  Find things to explore in the neighborhood, or on TV, or involving your girlfriend or whatever.  For 2 hours, guy.

 

6)  It's likely you have something more complicated in mind.  You'd like four or six partitions on that disk.  You want Vista to be on the second partition, so you can install Win 10 on the first.  You want Vista to have just 50 GB.   And so on.  Well .... you are not going to accomplish marvels with a simple installation program.  Get your system up and running and browse a batch of websites which provide hardware tutorials and THEN you can get elaborate. 



#14 Rootkiller

  • Topic Starter

Posted 28 April 2018 - 09:27 PM

 
Hey guys, I'm a novice struggling to fix this bastard!! Included is a link at the end to a video on how to repair the MBR, very nice person. Thanks to everyone who is offering suggestions and helping us novices!!!! The last person asking what Microsoft thinks of this, they could give a bleep!! They are happy to make more money from us!!!
Mike_shupp, it's more complicated than you think!!! Everything I do on this computer is not performed as asked!!!!! Since I'm in the corrupted Windows operating system it's controlling what gets done!!! I tried doing the "clean all" at the command prompt!!!! No success!!! It's hard to type since it's redirecting me and deleting what I type, very frustrating.  Hope this will help someone who is less infected.
Start: run Win 10 to repair the MBR, get into Advanced to get to the Command Prompt; watch the video link at the end.
 
At X: follow these steps!
X:\windows\system32>Bootrec /fixmbr
X:\windows\system32>Bootrec /fixboot
X:\windows\system32>bcdedit /export c:\bcdbackup
 
I got an error message stating file not found!! The system cannot find the file specified. Would not let me continue;
this is why I think my master boot record has been tampered with!! Files missing.
 
X:\windows\system32>attrib c:\boot\bcd -h -r -s
X:\windows\system32>ren c:\boot\bcd bcd.old
X:\windows\system32>bootrec /rebuildbcd
Here is the link to the YouTube video on fixing the MBR, very nice explanation of how to!! 


#15 lmacri

lmacri

  • Members
  • 454 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:01:18 AM

Posted 29 April 2018 - 08:32 AM

Hi Rootkiller:

 

If you are relatively certain your problem is caused by a rootkit or some other type of malware, there is a dedicated board in this BleepingComputer forum at Virus, Trojan, Spyware, and Malware Removal Logs where you can receive free one-on-one assistance from a trained malware removal specialist [see their instructions <here> for collecting and posting Farbar Recovery Scan Tool (FRST) diagnostic logs].  I've used their services in the past and they did an excellent job.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.7.3 * Norton Security Premium v22.14.0.54 * Malwarebytes Free v3.4.5





