Rootkit has rewritten MBR corrupted Win operating system


  • This topic is locked
27 replies to this topic

#1 Rootkiller

Posted 29 April 2018 - 09:32 AM

I have an embedded rootkit that has rewritten the MBR. Not able to do a new install since it controls the computer!! Tried to repair the MBR and was not able to, as it stopped me.
 
X:\windows\system32>Bootrec /fixmbr
X:\windows\system32>Bootrec /fixboot
X:\windows\system32>bcdedit export c:\bcdbackup
 
I got an error message stating file not found!! The system cannot find the file specified. Would not let me continue; this is why I think my master boot record has been tampered with!! It also has corrupted the Windows operating system, it's in control.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018
Ran by Walt (administrator) on WALT-PC (26-04-2018 10:46:18)
Running from C:\Users\Walt\Downloads
Loaded Profiles: Walt (Available Profiles: Walt)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nPMBRGuard] => C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe [616752 2013-03-28] (INCA Internet Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-25] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{C1970AC4-C7DB-4BE3-9949-5098FC23783E}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390778279-201454918-2172237936-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-25] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default [2018-04-26]
CHR Extension: (Slides) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-25]
CHR Extension: (Docs) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-25]
CHR Extension: (Google Drive) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-25]
CHR Extension: (YouTube) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-25]
CHR Extension: (Sheets) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Gmail) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-25] (AVAST Software)
R2 MBRGuardSvc; C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe [211248 2013-03-20] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-25] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-04-25] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-04-25] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-04-25] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-04-25] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [180984 2018-04-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-25] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-25] (AVAST Software)
S3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205352 2018-04-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-25] (AVAST Software)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
R1 TKDac; C:\Windows\system32\tkdacxp.sys [144496 2013-07-16] (INCA Internet Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 09:29 - 2018-04-26 09:29 - 000013015 _____ C:\ComboFix.txt
2018-04-26 09:18 - 2011-06-25 23:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-26 09:18 - 2010-11-07 10:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-26 09:18 - 2009-04-19 21:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-26 09:13 - 2018-04-26 09:14 - 000002380 _____ C:\Users\Walt\Desktop\Rkill.txt
2018-04-26 08:59 - 2018-04-26 09:15 - 000025676 _____ C:\Users\Walt\Downloads\Addition.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000025532 _____ C:\Users\Walt\Downloads\FRST.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000000000 ____D C:\FRST
2018-04-26 08:18 - 2018-04-26 08:18 - 000037096 _____ C:\Users\Walt\Downloads\Mole02Decryptor.zip
2018-04-26 08:17 - 2018-04-26 08:17 - 002066432 _____ (Farbar) C:\Users\Walt\Downloads\FRST.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 005659794 ____R (Swearware) C:\Users\Walt\Downloads\ComboFix.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Walt\Downloads\rkill.exe
2018-04-26 08:15 - 2018-04-26 08:15 - 001790024 _____ (Malwarebytes) C:\Users\Walt\Downloads\JRT.exe
2018-04-26 08:14 - 2018-04-26 08:14 - 004198400 _____ C:\Users\Walt\Downloads\CybereasonRansomFree.msi
2018-04-25 18:43 - 2008-05-26 22:21 - 001582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-04-25 18:43 - 2008-05-26 22:21 - 001418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 006103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-04-25 18:43 - 2008-05-26 21:59 - 000106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2018-04-25 18:43 - 2008-05-26 21:59 - 000018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2018-04-25 18:43 - 2007-11-08 02:04 - 011967524 _____ C:\Windows\system32\korwbrkr.lex
2018-04-25 18:37 - 2010-04-14 10:47 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2018-04-25 18:37 - 2010-04-14 10:47 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2018-04-25 18:37 - 2010-04-14 10:46 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2018-04-25 18:37 - 2008-04-22 21:41 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2018-04-25 18:17 - 2010-02-20 16:39 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-04-25 18:17 - 2010-02-20 16:37 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2018-04-25 18:17 - 2010-02-20 14:18 - 000411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-25 18:14 - 2009-10-09 14:56 - 001181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2018-04-25 18:14 - 2009-10-09 14:55 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2018-04-25 18:14 - 2009-07-31 23:27 - 000201184 _____ C:\Windows\system32\winrm.vbs
2018-04-25 18:14 - 2009-07-16 10:30 - 000004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2018-04-25 18:14 - 2009-07-16 10:30 - 000002426 _____ C:\Windows\system32\WsmTxt.xsl
2018-04-25 18:06 - 2011-07-06 07:56 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-25 18:06 - 2011-02-22 05:51 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-04-25 18:06 - 2011-02-16 08:29 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-25 18:06 - 2011-02-16 06:24 - 000292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-25 18:06 - 2010-08-26 09:07 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-25 18:06 - 2010-06-28 09:15 - 001315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-25 18:06 - 2010-06-16 08:12 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-25 18:06 - 2010-04-05 09:08 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2018-04-25 18:06 - 2010-02-18 07:11 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2018-04-25 18:06 - 2010-02-18 04:52 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2018-04-25 18:06 - 2009-12-28 05:35 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2018-04-25 18:06 - 2009-08-10 06:05 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2018-04-25 18:06 - 2009-07-10 05:21 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2018-04-25 18:06 - 2009-06-15 08:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2018-04-25 18:06 - 2009-03-02 20:04 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2018-04-25 18:06 - 2009-03-02 19:38 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2018-04-25 18:05 - 2011-04-20 07:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-25 18:05 - 2011-04-20 07:44 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-25 18:05 - 2010-10-28 05:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-25 18:05 - 2010-08-20 08:21 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2018-04-25 18:05 - 2010-06-18 09:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2018-04-25 18:05 - 2010-01-21 08:59 - 000062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2018-04-25 18:05 - 2010-01-14 17:04 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2018-04-25 18:05 - 2009-06-10 05:12 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-04-25 18:05 - 2008-10-20 22:25 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 012240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 002644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2018-04-25 18:04 - 2010-01-25 05:45 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2018-04-25 18:04 - 2010-01-25 01:35 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2018-04-25 18:04 - 2010-01-25 01:35 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2018-04-25 18:04 - 2009-08-14 09:29 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2018-04-25 18:04 - 2009-08-14 09:29 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-04-25 18:04 - 2009-08-14 07:16 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2018-04-25 18:04 - 2009-08-14 07:16 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2018-04-25 18:04 - 2009-07-11 12:32 - 000513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2018-04-25 18:04 - 2009-07-11 12:29 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2018-04-25 18:04 - 2009-07-11 10:18 - 002501921 _____ C:\Windows\system32\wlan.tmf
2018-04-25 18:04 - 2008-06-25 20:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2018-04-25 18:03 - 2011-03-03 07:56 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2018-04-25 18:03 - 2011-03-03 06:01 - 004240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2018-04-25 18:03 - 2010-09-10 11:18 - 010626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-04-25 18:03 - 2010-09-10 09:37 - 008147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-04-25 18:03 - 2009-07-14 06:00 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-04-25 18:03 - 2009-07-14 05:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-04-25 18:03 - 2009-07-14 01:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2018-04-25 18:03 - 2009-07-14 01:30 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2018-04-25 18:03 - 2008-03-07 21:21 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2018-04-25 18:03 - 2008-02-29 00:14 - 000019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2018-04-25 18:03 - 2008-02-29 00:11 - 000988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-25 18:03 - 2008-02-29 00:11 - 000927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-04-25 18:03 - 2008-02-28 23:53 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-25 18:03 - 2008-02-28 23:35 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2018-04-25 18:03 - 2008-02-28 21:12 - 000318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-25 18:03 - 2008-02-28 21:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2018-04-25 18:03 - 2008-02-21 22:05 - 000615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-04-25 18:02 - 2018-04-25 18:02 - 000000000 ____D C:\ProgramData\Google
2018-04-25 18:02 - 2011-04-14 07:24 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-25 18:02 - 2011-02-16 08:35 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-25 18:02 - 2011-02-16 08:32 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 011582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2018-04-25 18:02 - 2010-12-17 09:43 - 002067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-04-25 18:02 - 2010-12-17 08:06 - 000677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-25 18:02 - 2010-10-15 06:48 - 001205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-25 18:02 - 2010-08-31 08:40 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2018-04-25 18:02 - 2009-04-23 05:42 - 000636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-04-25 18:01 - 2010-04-16 09:10 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2018-04-25 17:58 - 2010-12-28 07:57 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2018-04-25 17:58 - 2008-10-21 20:57 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2018-04-25 17:58 - 2008-06-18 20:31 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2018-04-25 17:57 - 2011-03-10 09:12 - 001161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2018-04-25 17:57 - 2011-03-10 09:12 - 001136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-04-25 17:57 - 2011-02-18 06:31 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-25 17:57 - 2010-05-27 12:16 - 000081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2018-04-25 17:57 - 2009-09-10 10:30 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-25 17:57 - 2009-08-10 04:01 - 001399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-04-25 17:57 - 2009-05-04 03:11 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-04-25 17:57 - 2008-04-04 20:34 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2018-04-25 17:57 - 2008-04-04 18:21 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-25 17:56 - 2010-08-17 06:32 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-25 17:56 - 2010-04-05 09:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2018-04-25 17:56 - 2009-07-17 07:35 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2018-04-25 17:56 - 2008-12-05 21:42 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-04-25 17:55 - 2011-06-02 05:59 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-25 17:55 - 2011-04-21 06:16 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-04-25 17:55 - 2010-12-14 08:49 - 001169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2018-04-25 17:55 - 2009-10-23 10:42 - 000714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2018-04-25 17:55 - 2008-06-25 20:29 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2018-04-25 17:55 - 2008-04-17 22:48 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2018-04-25 17:54 - 2010-12-20 08:39 - 000563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2018-04-25 17:54 - 2008-10-15 21:47 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2018-04-25 17:53 - 2008-10-28 23:29 - 002927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-04-25 17:48 - 2010-12-29 10:41 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2018-04-25 17:48 - 2010-12-29 10:39 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2018-04-25 17:48 - 2009-12-23 05:43 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-25 17:48 - 2009-06-15 11:20 - 000439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-25 17:48 - 2009-06-15 08:24 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-25 17:48 - 2009-06-15 08:24 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-25 17:48 - 2009-06-15 08:23 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-25 17:48 - 2009-06-15 08:21 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-25 17:48 - 2009-06-15 05:57 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-25 17:47 - 2011-05-02 08:58 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-04-25 17:47 - 2010-11-06 04:09 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-04-25 17:47 - 2010-11-04 17:53 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2018-04-25 17:47 - 2010-10-18 07:01 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-25 17:47 - 2010-06-11 08:30 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-04-25 17:47 - 2010-04-16 09:10 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2018-04-25 17:47 - 2008-08-11 20:39 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-04-25 17:47 - 2008-08-01 20:26 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-04-25 17:47 - 2008-08-01 18:01 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-04-25 17:47 - 2008-06-25 20:29 - 000565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2018-04-25 17:47 - 2008-06-25 20:29 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2018-04-25 17:47 - 2008-05-19 19:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-04-25 17:47 - 2008-05-09 18:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2018-04-25 17:46 - 2008-06-22 18:59 - 000996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2018-04-25 17:46 - 2008-06-22 18:58 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-04-25 17:45 - 2011-04-12 07:53 - 000890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-25 17:45 - 2009-09-04 05:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2018-04-25 17:45 - 2009-04-23 05:43 - 000784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-25 17:44 - 2011-04-29 07:54 - 000276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-25 17:44 - 2010-06-16 08:59 - 000898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-25 17:44 - 2008-10-20 22:25 - 001645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Roaming\AVAST Software
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Local\CEF
2018-04-25 11:56 - 2009-07-14 10:45 - 000445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2018-04-25 11:55 - 2018-04-25 11:55 - 000001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-25 11:55 - 2018-04-25 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:53 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000205352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-04-25 11:53 - 2018-04-25 11:52 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-25 11:53 - 2018-04-25 11:52 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000180984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-04-25 11:48 - 2018-04-25 11:48 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-25 11:47 - 2009-04-02 05:37 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2018-04-25 11:39 - 2018-04-25 11:39 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-25 11:39 - 2018-04-25 11:39 - 000001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-25 11:39 - 2018-04-25 11:39 - 000000000 ____D C:\Users\Walt\AppData\Local\Google
2018-04-25 11:38 - 2018-04-25 19:27 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-25 11:38 - 2018-04-25 18:02 - 000000000 ____D C:\Program Files\Google
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\Walt\AppData\Roaming\ATI
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\Walt\AppData\Local\ATI
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\ProgramData\ATI
2018-04-25 11:33 - 2018-04-25 11:33 - 000008192 ___RS C:\BOOTSECT.BAK
2018-04-25 11:33 - 2018-04-25 10:40 - 000000000 ____D C:\Windows\Panther
2018-04-25 11:33 - 2008-02-14 10:44 - 000000024 ___RH C:\Windows\dell_version
2018-04-25 11:33 - 2008-01-20 19:24 - 000333203 __RSH C:\bootmgr
2018-04-25 11:29 - 2018-04-25 11:29 - 000000000 _____ C:\Windows\ativpsrm.bin
2018-04-25 11:20 - 2018-04-25 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2018-04-25 11:17 - 2018-04-25 11:20 - 000000000 ____D C:\Program Files\ATI Technologies
2018-04-25 11:17 - 2018-04-25 11:17 - 000000000 ____D C:\Program Files\ATI
2018-04-25 11:16 - 2008-07-04 02:35 - 003847168 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-04-25 11:16 - 2008-07-03 23:37 - 000421888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000331776 _____ (ATI Technologies, Inc.) C:\Windows\system32\atipdlxx.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000266240 _____ (ATI Technologies, Inc.) C:\Windows\system32\Oemdspif.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000159744 _____ () C:\Windows\system32\atitmmxx.dll
2018-04-25 11:16 - 2008-07-03 23:36 - 000270336 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.dll
2018-04-25 11:16 - 2008-07-03 23:36 - 000043520 _____ (ATI Technologies, Inc.) C:\Windows\system32\ati2edxx.dll
2018-04-25 11:16 - 2008-07-03 23:35 - 000692224 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
2018-04-25 11:16 - 2008-07-03 23:27 - 001626624 _____ (ATI Technologies Inc. ) C:\Windows\system32\atidxx32.dll
2018-04-25 11:16 - 2008-07-03 23:21 - 003691008 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdag.dll
2018-04-25 11:16 - 2008-07-03 23:03 - 004427264 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdva.dll
2018-04-25 11:16 - 2008-07-03 23:02 - 003107788 _____ C:\Windows\system32\atiumdva.dat
2018-04-25 11:16 - 2008-07-03 22:52 - 009306112 _____ (ATI Technologies Inc.) C:\Windows\system32\atioglxx.dll
2018-04-25 11:16 - 2008-07-03 22:50 - 000050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2018-04-25 11:16 - 2008-07-03 22:50 - 000042496 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-04-25 11:16 - 2008-07-03 22:33 - 000053248 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-04-25 11:16 - 2008-06-10 17:50 - 000174819 _____ C:\Windows\system32\atiicdxx.dat
2018-04-25 11:16 - 2008-05-13 08:10 - 000013052 _____ C:\Windows\atiogl.xml
2018-04-25 11:16 - 2008-03-05 20:38 - 000090112 _____ C:\Windows\system32\atibrtmon.exe
2018-04-25 11:16 - 2007-09-08 22:37 - 000052400 _____ C:\Windows\system32\Drivers\ativvpxx.vp
2018-04-25 11:16 - 2007-08-21 17:51 - 000081920 _____ C:\Windows\system32\ATIODE.exe
2018-04-25 11:16 - 2007-08-21 15:36 - 000040960 _____ C:\Windows\system32\ATIODCLI.exe
2018-04-25 11:16 - 2007-05-30 11:37 - 000002096 _____ C:\Windows\system32\Drivers\ativpkxx.vp
2018-04-25 11:16 - 2007-05-30 11:37 - 000002096 _____ C:\Windows\system32\Drivers\ativokxx.vp
2018-04-25 11:16 - 2007-04-18 08:19 - 000002096 _____ C:\Windows\system32\Drivers\ativdkxx.vp
2018-04-25 11:16 - 2006-08-23 17:26 - 000328162 _____ C:\Windows\system32\Drivers\ativcaxx.cpa
2018-04-25 11:16 - 2006-08-23 17:26 - 000000929 _____ C:\Windows\system32\Drivers\ativcaxx.vp
2018-04-25 11:14 - 2018-04-25 11:14 - 000000000 ____D C:\Program Files\Intel
2018-04-25 11:13 - 2018-04-25 11:16 - 000320422 _____ C:\Windows\iProInstLog.txt
2018-04-25 11:05 - 2018-04-25 11:05 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-04-25 11:05 - 2008-02-15 18:01 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
2018-04-25 11:05 - 2007-07-30 11:54 - 000038400 _____ (REDC) C:\Windows\system32\Drivers\rixdptsk.sys
2018-04-25 11:05 - 2007-07-30 10:42 - 000043008 _____ (REDC) C:\Windows\system32\Drivers\rimsptsk.sys
2018-04-25 11:05 - 2007-07-25 12:48 - 000172032 _____ (Ricoh Company,Ltd) C:\Windows\system32\rixdicon.dll
2018-04-25 11:05 - 2004-09-04 03:00 - 000090112 _____ (Sony Corporation) C:\Windows\system32\snymsico.dll
2018-04-25 11:01 - 2018-04-25 11:01 - 000000000 ____D C:\dell
2018-04-25 11:00 - 2018-04-25 11:00 - 000000000 ____D C:\Windows\system32\vmm32
2018-04-25 11:00 - 2018-04-25 11:00 - 000000000 ____D C:\Program Files\Dell
2018-04-25 10:53 - 2018-04-26 09:30 - 000000000 ____D C:\Qoobox
2018-04-25 10:52 - 2018-04-26 09:28 - 000000000 ____D C:\Windows\erdnt
2018-04-25 10:50 - 2018-03-06 19:14 - 001472131 _____ C:\Users\Walt\Documents\vba32arkit.zip
2018-04-25 10:50 - 2017-01-26 16:07 - 007380704 _____ C:\Users\Walt\Documents\WMCodecPack.exe
2018-04-25 10:50 - 2017-01-19 07:14 - 030659457 _____ C:\Users\Walt\Documents\Windows6.1-KB3172605-x64.msu
2018-04-25 10:50 - 2016-06-30 14:07 - 000548376 _____ (Microsoft Corporation) C:\Users\Walt\Documents\VS90sp1-KB945140-ENU.exe
2018-04-25 10:50 - 2015-02-02 21:21 - 001132106 _____ (Huntersoft ) C:\Users\Walt\Documents\UnknownDeviceIdentifier.exe
2018-04-25 10:50 - 2015-02-02 19:14 - 301812736 _____ C:\Users\Walt\Documents\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2018-04-25 10:50 - 2015-02-02 15:54 - 001766152 _____ C:\Users\Walt\Documents\wrar520.exe
2018-04-25 10:50 - 2013-12-10 21:44 - 002585872 _____ (Microsoft Corporation) C:\Users\Walt\Documents\WindowsInstaller-KB893803-v2-x86.exe
2018-04-25 10:50 - 2005-10-14 16:12 - 001014477 _____ C:\Users\Walt\Documents\wrar351.exe
2018-04-25 10:50 - 2005-09-12 17:10 - 000983202 _____ C:\Users\Walt\Documents\wrar35b4.exe
2018-04-25 10:49 - 2018-04-11 19:28 - 433547968 _____ (Microsoft Corporation) C:\Users\Walt\Documents\SQLServer2014SP2-KB3171021-x86-ENU.exe
2018-04-25 10:48 - 2018-04-12 15:22 - 003168728 _____ (Remo Software ) C:\Users\Walt\Documents\remo-recover.exe
2018-04-25 10:48 - 2018-04-11 19:26 - 714585792 _____ (Microsoft Corporation) C:\Users\Walt\Documents\SQLServer2014SP2-KB3171021-x64-ENU.exe
2018-04-25 10:48 - 2018-04-06 16:09 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Walt\Documents\rufus-2.18.exe
2018-04-25 10:48 - 2018-04-06 15:54 - 002804968 _____ C:\Users\Walt\Documents\R302080.exe
2018-04-25 10:48 - 2018-01-30 13:36 - 006229392 _____ (Trend Micro, Inc. ) C:\Users\Walt\Documents\RUBottedSetup.exe
2018-04-25 10:48 - 2018-01-23 12:45 - 008656400 _____ (Trend Micro Inc.) C:\Users\Walt\Documents\RootkitBuster_v5_1061.exe
2018-04-25 10:48 - 2017-11-02 19:28 - 003039640 _____ C:\Users\Walt\Documents\R301250.exe
2018-04-25 10:48 - 2017-09-20 12:55 - 000231390 _____ C:\Users\Walt\Documents\RootkitRevealer.zip
2018-04-25 10:48 - 2016-09-27 07:52 - 041743488 _____ (Skype Technologies S.A.) C:\Users\Walt\Documents\SkypeSetupFull.exe
2018-04-25 10:48 - 2016-06-28 19:04 - 000464200 _____ (Bleeping Computer, LLC) C:\Users\Walt\Documents\sc-cleaner.exe
2018-04-25 10:48 - 2016-06-27 08:31 - 046525608 _____ (Safer-Networking Ltd. ) C:\Users\Walt\Documents\spybot-2.4.exe
2018-04-25 10:48 - 2015-02-02 11:44 - 064677992 _____ C:\Users\Walt\Documents\R273821.exe
2018-04-25 10:48 - 2015-02-02 11:44 - 011497152 _____ C:\Users\Walt\Documents\R255962.exe
2018-04-25 10:48 - 2015-01-26 16:47 - 030858816 _____ C:\Users\Walt\Documents\R255591(1).exe
2018-04-25 10:48 - 2015-01-26 16:39 - 049680560 _____ C:\Users\Walt\Documents\R278714.exe
2018-04-25 10:48 - 2015-01-25 21:12 - 011496904 _____ C:\Users\Walt\Documents\R255501(1).exe
2018-04-25 10:48 - 2015-01-25 21:10 - 062410840 _____ C:\Users\Walt\Documents\R273580.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 004884240 _____ C:\Users\Walt\Documents\R255590.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 002669496 _____ C:\Users\Walt\Documents\R304507.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 001987936 _____ C:\Users\Walt\Documents\R304505.exe
2018-04-25 10:48 - 2015-01-25 21:09 - 049941256 _____ C:\Users\Walt\Documents\R259343.exe
2018-04-25 10:48 - 2015-01-25 21:07 - 007781752 _____ C:\Users\Walt\Documents\R255854.exe
2018-04-25 10:48 - 2015-01-25 21:07 - 003194904 _____ C:\Users\Walt\Documents\R255588.exe
2018-04-25 10:48 - 2015-01-25 21:06 - 083633504 _____ C:\Users\Walt\Documents\R272187.exe
2018-04-25 10:48 - 2015-01-25 21:06 - 002608120 _____ C:\Users\Walt\Documents\R255577.exe
2018-04-25 10:48 - 2015-01-25 21:05 - 005853328 _____ C:\Users\Walt\Documents\R285030.exe
2018-04-25 10:47 - 2015-02-02 11:45 - 085261368 _____ C:\Users\Walt\Documents\R252542.exe
2018-04-25 10:47 - 2015-02-02 11:45 - 085256608 _____ C:\Users\Walt\Documents\R252536.exe
2018-04-25 10:47 - 2015-02-02 11:44 - 064888904 _____ C:\Users\Walt\Documents\R228330.exe
2018-04-25 10:47 - 2015-02-02 11:43 - 044680536 _____ C:\Users\Walt\Documents\R252287.exe
2018-04-25 10:47 - 2015-01-26 16:48 - 144109622 _____ C:\Users\Walt\Documents\R241392.zip
2018-04-25 10:47 - 2015-01-25 21:13 - 085261200 _____ C:\Users\Walt\Documents\R252544.exe
2018-04-25 10:47 - 2015-01-25 21:13 - 085256536 _____ C:\Users\Walt\Documents\R252537.exe
2018-04-25 10:47 - 2015-01-25 21:11 - 064910792 _____ C:\Users\Walt\Documents\R226746.exe
2018-04-25 10:47 - 2013-07-21 18:06 - 101606880 _____ C:\Users\Walt\Documents\R205222.exe
2018-04-25 10:47 - 2011-03-14 14:21 - 001239944 _____ C:\Users\Walt\Documents\R227772.exe
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\vba32arkit
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\TMRBLog
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\RootRepeal
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\RootkitRevealer
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\LAN_Atheros_2.1.0.13_W7x64
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\Ad-Aware SE Personal
2018-04-25 10:46 - 2018-04-15 10:32 - 037993920 _____ (EaseUS ) C:\Users\Walt\Documents\epm.exe
2018-04-25 10:46 - 2018-04-15 09:16 - 041719176 _____ (EASEUS) C:\Users\Walt\Documents\EASEUS_Disk_Copy.exe
2018-04-25 10:46 - 2018-04-14 18:52 - 015800840 _____ (Dell Inc.) C:\Users\Walt\Documents\dell-usb-recovery-tool_jndt2_win_2.1.2025.0_a00.exe
2018-04-25 10:46 - 2018-04-13 08:25 - 039012928 _____ (EaseUS ) C:\Users\Walt\Documents\epm_fusion.exe
2018-04-25 10:46 - 2018-04-11 19:31 - 002959376 _____ (Microsoft Corporation) C:\Users\Walt\Documents\dotnetfx35setup.exe
2018-04-25 10:46 - 2018-04-11 17:43 - 000679696 _____ (PC Drivers HeadQuarters LP) C:\Users\Walt\Documents\DriverSupport.exe
2018-04-25 10:46 - 2018-04-10 10:30 - 000000000 ____D C:\Users\Walt\Documents\log
2018-04-25 10:46 - 2018-04-06 15:55 - 009078096 _____ C:\Users\Walt\Documents\E6530A20.exe
2018-04-25 10:46 - 2018-04-03 17:33 - 018617536 _____ (Microsoft Corporation) C:\Users\Walt\Documents\MediaCreationTool (1).exe
2018-04-25 10:46 - 2018-03-06 19:03 - 029819149 _____ (SecureMix LLC) C:\Users\Walt\Documents\glasswire-setup-2.0.3087.exe
2018-04-25 10:46 - 2018-02-23 12:37 - 001129816 _____ (Google Inc.) C:\Users\Walt\Documents\ChromeSetup.exe
2018-04-25 10:46 - 2018-02-19 08:41 - 028866136 _____ (IObit ) C:\Users\Walt\Documents\advanced-systemcare-setup.exe
2018-04-25 10:46 - 2018-01-30 16:35 - 001137360 _____ (F-Secure Corporation) C:\Users\Walt\Documents\fsbl.exe
2018-04-25 10:46 - 2018-01-23 14:56 - 001020640 _____ C:\Users\Walt\Documents\antirootkit.exe
2018-04-25 10:46 - 2018-01-23 12:40 - 011599632 _____ (SurfRight B.V.) C:\Users\Walt\Documents\HitmanPro_x64.exe
2018-04-25 10:46 - 2018-01-20 11:31 - 077342496 _____ (Malwarebytes ) C:\Users\Walt\Documents\arw-setup-consumer-0.9.18.807-1.1.129.exe
2018-04-25 10:46 - 2018-01-10 17:36 - 006654960 _____ (AVAST Software) C:\Users\Walt\Documents\avast_free_antivirus_setup_online_cnet2.exe
2018-04-25 10:46 - 2017-03-15 05:52 - 001318648 _____ C:\Users\Walt\Documents\BatteryBarSetup-3.6.6.exe
2018-04-25 10:46 - 2017-02-03 14:30 - 006389072 _____ C:\Users\Walt\Documents\8400fvst6410231a_64en.exe
2018-04-25 10:46 - 2017-01-19 06:43 - 000422480 _____ (Secure By Design Inc.) C:\Users\Walt\Documents\Ninite_7Zip_Air_CDBurnerXP_Chrome_Essentials_Installer.exe
2018-04-25 10:46 - 2016-08-22 08:54 - 045964136 _____ (IObit ) C:\Users\Walt\Documents\advanced-systemcare-setup(1).exe
2018-04-25 10:46 - 2016-08-16 15:31 - 014194869 _____ C:\Users\Walt\Documents\CopyTransManagerv1.111_DLC.zip
2018-04-25 10:46 - 2016-06-28 19:48 - 003719928 _____ (Zemana Ltd. ) C:\Users\Walt\Documents\AntiLoggerFree_Setup.exe
2018-04-25 10:46 - 2016-06-28 19:26 - 000457632 _____ (Bleeping Computer, LLC) C:\Users\Walt\Documents\FixExec.exe
2018-04-25 10:46 - 2016-06-28 17:30 - 005198336 _____ (AVAST Software) C:\Users\Walt\Documents\aswMBR.exe
2018-04-25 10:46 - 2016-06-28 16:10 - 037457368 _____ (Malwarebytes ) C:\Users\Walt\Documents\MBARW_Setup.exe
2018-04-25 10:46 - 2016-06-26 21:09 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Walt\Documents\mbar-1.09.3.1001(1).exe
2018-04-25 10:46 - 2016-06-17 16:43 - 010451640 _____ (SurfRight B.V.) C:\Users\Walt\Documents\hitmanpro.exe
2018-04-25 10:46 - 2016-06-08 08:00 - 002085168 _____ C:\Users\Walt\Documents\Adaware_Installer.exe
2018-04-25 10:46 - 2015-10-30 21:01 - 011302536 _____ (CCCP Project ) C:\Users\Walt\Documents\Combined-Community-Codec-Pack-64bit-2015-10-18(1).exe
2018-04-25 10:46 - 2014-06-08 10:03 - 000845768 _____ (INCA Internet) C:\Users\Walt\Documents\nPMBRGuardSetup.exe
2018-04-25 10:46 - 2013-12-10 21:19 - 082356552 _____ C:\Users\Walt\Documents\R155386.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 028134504 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R112482.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 006131912 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R111827.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 004640840 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R128346.EXE
2018-04-25 10:46 - 2013-12-10 21:16 - 004675584 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R99254.EXE
2018-04-25 10:46 - 2012-07-09 02:46 - 009161136 _____ (COMODO) C:\Users\Walt\Documents\KillSwitch.exe
2018-04-25 10:46 - 2011-11-15 10:26 - 000510824 _____ C:\Users\Walt\Documents\BootSuite Wizard.exe
2018-04-25 10:46 - 2010-06-23 08:01 - 012124624 _____ (Adobe Systems Inc.) C:\Users\Walt\Documents\AdobeAIRInstaller.exe
2018-04-25 10:45 - 2018-04-25 10:45 - 000001115 _____ C:\Users\Walt\Desktop\nProtect MBR Guard.lnk
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____D C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nProtect MBR Guard
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____D C:\Program Files\INCAInternet
2018-04-25 10:44 - 2018-04-25 20:20 - 000049168 _____ C:\Users\Walt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-25 10:44 - 2018-04-25 11:20 - 000000000 ____D C:\Users\Walt
2018-04-25 10:44 - 2018-04-25 10:44 - 000000949 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000944 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000915 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000680 _____ C:\Users\Walt\AppData\Local\d3d9caps.dat
2018-04-25 10:44 - 2018-04-25 10:44 - 000000020 ___SH C:\Users\Walt\ntuser.ini
2018-04-25 10:44 - 2018-04-25 10:44 - 000000000 ____D C:\Users\Walt\AppData\Local\VirtualStore
2018-04-25 10:44 - 2006-11-02 05:37 - 000000000 ____D C:\Users\Walt\AppData\Roaming\Media Center Programs
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 10:44 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\rescache
2018-04-26 10:40 - 2006-11-02 06:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:18 - 2006-11-02 06:01 - 000006362 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-26 09:27 - 2006-11-02 03:23 - 000000215 _____ C:\Windows\system.ini
2018-04-26 07:40 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\inf
2018-04-26 07:40 - 2006-11-02 03:33 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-25 20:12 - 2006-11-02 05:47 - 000228176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-25 19:48 - 2006-11-02 05:37 - 000000000 ____D C:\Program Files\Movie Maker
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\system32\manifeststore
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-25 11:33 - 2006-11-02 05:37 - 000262144 _____ C:\Windows\system32\config\BCD-Template
2018-04-25 11:18 - 2006-11-02 04:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2018-04-25 10:44 - 2018-04-25 10:44 - 000000680 _____ () C:\Users\Walt\AppData\Local\d3d9caps.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
LastRegBack: 2018-04-26 10:44

Edited by hamluis, 29 April 2018 - 09:56 AM.
Moved from Vista to Malware Removal Logs, closed dupe - Hamluis.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:49 PM

Posted 04 May 2018 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/676595 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:49 PM

Posted 04 May 2018 - 11:12 PM

Hi, this is an infected Dell E5520. It had a Dell recovery partition; the rootkit deleted it. It also deleted the drivers. It runs, but I'm not able to get on the Internet, and it is also saying the copy of Windows is counterfeit. Thank you, Walt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by User (administrator) on USER-PC (04-05-2018 19:39:40)
Running from E:\
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)   Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\dbrsync.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-01-09] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{2E6D6B80-67AE-4E10-907F-90238D9643D0}: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{D4052CC6-177F-49B7-816B-63544AA79A26}: [DhcpNameServer] 192.168.20.1
 
Internet Explorer:
==================
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-04-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-19]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-19]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-19]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-19]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-14]


#4 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:49 PM

Posted 09 May 2018 - 11:39 AM

Hi, have I been sent to the Start for some reason?? As a new Member?? Is the problem that I have not fixable?? I just got an email from bleepingcomputers saying that I'm a new member and to try Linux! Please help me load Linux!! I had a friend burn me an ISO of Linux Ubuntu; it will not start installing!! It goes to Windows failed to start, "start Windows normally".

 In other words it will not let me install!!!

File: \Windows\system32\ntkrnlpa.exe

Status:: Ox0000221

Info:Windows failed to load because the kernel is missing or corrupt.

Please help me install Linux, I would be happy.

Whatever I have on my computers, it's in control of everything I do. I have just the minimal programs installed on my only still working computer!!! I installed Kaspersky, and my ISO Dban eraser will not load either. It will not let me run Rootkit reveal. Thank you



#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:49 PM

Posted 10 May 2018 - 12:33 PM

Hi, and welcome.

 

BleepingComputer.com will not send you emails requesting the installation of Linux.

 

The logs above are incomplete. Are you able to boot in Normal Mode?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:49 PM

Posted 11 May 2018 - 11:12 AM

Hi and thank you for trying to help!!! So you know where I'm coming from, I have 5 Dell computers that are infected by a rootkit: 2 Dell 1737, 1 Dell 7010, and 1 Latitude E6530 and a Dell E 5520. Both the 6530 and 5520 computers have the Dell restore partition intact! The 1737 is limping but I am able to use it. On the other 1737 I am not able to install Windows; I get error messages, operating system missing! The 7010 also will not let me install Windows Vista or 7 upgrade. BootMGR missing, when I try to install Win 7.
The 1 E6530 has the restore partitions, but I am not able to restore or repair. The 2nd one just got infected and I stopped using it so as not to get it more infected; also it deleted the Internet driver, not able to get on!!! I was installing a program when a popup came on stating that I need to load a very important Microsoft update file. Not thinking anything of it, I pressed install. Right after, I had a popup saying not to turn the computer off, I was infected, to call Microsoft Tech support and they will help remove the virus. I turned off the computer so it would stop the infection. Then I got a call from Dell tech support saying that the computer is infected and that they would help remove the virus, and they tried to get me to install some programs that would remove the virus. I refused. Anyway, here are the FRST logs on the 1737 and the E 5520.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by User (administrator) on USER-PC (11-05-2018 06:45:13)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\dbrsync.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-01-09] (Alps Electric Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{2E6D6B80-67AE-4E10-907F-90238D9643D0}: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{D4052CC6-177F-49B7-816B-63544AA79A26}: [DhcpNameServer] 192.168.20.1
 
Internet Explorer:
==================
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-19] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-04-14]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-19]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-19]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-19]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-19]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2065808 2016-01-04] (SoftThinks SAS) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-19] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-19] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2018-05-11] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2015-01-09] (STMicroelectronics)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-11 06:45 - 2018-05-11 06:45 - 000026316 _____ C:\Users\User\Desktop\FRST.txt
2018-05-11 06:42 - 2018-05-04 20:34 - 002405376 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-05-04 23:42 - 2018-05-04 23:42 - 000000000 ____D C:\Users\User\Desktop\RootkitRevealer
2018-05-04 23:36 - 2018-05-11 06:45 - 000000000 ____D C:\FRST
2018-05-04 23:33 - 2018-05-03 12:37 - 025099507 _____ C:\Users\User\Desktop\SysinternalsSuite.zip
2018-04-15 10:49 - 2018-05-11 06:44 - 000000000 ____D C:\ProgramData\softthinks
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\Users\User\Documents\Scanned Documents
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\Users\User\Documents\RootkitRevealer
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\Users\User\Documents\LAN_Atheros_2.1.0.13_W7x64
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\Users\User\Documents\Fax
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\Qoobox
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\20180415093339_BACKUP
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\20180415075647_BACKUP
2018-04-15 10:48 - 2018-04-15 10:48 - 000000000 ____D C:\20180414074740_BACKUP
2018-04-15 10:47 - 2018-04-15 10:48 - 000000000 ____D C:\Users\User\Documents\Audacity
2018-04-15 10:47 - 2018-04-15 10:47 - 000000000 ____D C:\Users\User\Documents\Ad-Aware SE Personal
2018-04-15 10:26 - 2018-04-15 10:49 - 000000000 ____D C:\20180415102611_BACKUP
2018-04-14 16:52 - 2018-04-14 16:52 - 000007700 _____ C:\ComboFix.txt
2018-04-14 12:21 - 2018-04-14 12:21 - 000000000 __SHD C:\System Recovery
2018-04-14 07:33 - 2018-04-14 07:33 - 000001868 _____ C:\Users\User\Desktop\sc-cleaner.txt
2018-04-14 07:21 - 2018-04-14 07:30 - 000000561 _____ C:\Users\User\Desktop\JRT.txt
2018-04-13 20:26 - 2017-10-07 20:38 - 000029086 _____ C:\Users\User\Documents\Show-Hidden.txt
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-11 06:43 - 2017-03-15 10:01 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-05-11 06:40 - 2009-07-14 01:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-11 06:40 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-05-11 06:36 - 2017-01-19 10:55 - 000250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-05-11 06:36 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-10 10:12 - 2009-07-14 00:45 - 000022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-10 10:12 - 2009-07-14 00:45 - 000022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-04 23:48 - 2017-01-19 10:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2018-05-04 23:38 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
 
Some files in TEMP:
====================
2018-05-04 23:43 - 2018-05-04 23:43 - 000551808 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\IUPNSMUI.exe
2017-03-15 10:02 - 2017-03-15 10:02 - 000000000 _____ () C:\Users\User\AppData\Local\Temp\nhbyy5ej.dll
2018-05-04 23:21 - 2018-05-04 23:21 - 000000000 _____ () C:\Users\User\AppData\Local\Temp\ok113cmo.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {5bad89f6-ddd9-11e6-8af5-a4b10e013f22}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {5bad89f8-ddd9-11e6-8af5-a4b10e013f22}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5bad89f6-ddd9-11e6-8af5-a4b10e013f22}
nx                      OptIn
bootstatuspolicy        IgnoreShutdownFailures
 
Windows Boot Loader
-------------------
identifier              {5bad89f8-ddd9-11e6-8af5-a4b10e013f22}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{5bad89f9-ddd9-11e6-8af5-a4b10e013f22}
path                    \windows\system32\boot\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\winre.wim,{5bad89f9-ddd9-11e6-8af5-a4b10e013f22}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {5bad89f6-ddd9-11e6-8af5-a4b10e013f22}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {5bad89f9-ddd9-11e6-8af5-a4b10e013f22}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2017-01-18 18:07
 
==================== End of FRST.txt ==

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.05.2018
Ran by User (11-05-2018 06:45:54)
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-01-18 21:02:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-944171395-3959990803-3949582925-500 - Administrator - Disabled)
Guest (S-1-5-21-944171395-3959990803-3949582925-501 - Limited - Disabled)
User (S-1-5-21-944171395-3959990803-3949582925-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Google Chrome (HKLM\...\{83F2CE66-1F17-38DE-83BD-1BAD39009FB6}) (Version: 55.0.2883.87 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
K-Lite Codec Pack 12.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.0 - KLCP)
LibreOffice 5.2.4.2 (HKLM\...\{9605A3AD-153B-4FF5-8D2C-D08846891B9D}) (Version: 5.2.4.2 - The Document Foundation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-01-16] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-12-23] (Foxit Software Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-02] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-12-23] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3146AD31-9849-4E70-BC58-EE5700D400BA} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {50328A74-B078-4D8E-B28B-20711F1B2F6E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-13] ()
Task: {6FBC0895-99C2-42CD-AD2B-71A018B88C3C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {79636567-20BB-45B3-8E18-7293A7D63044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {DA3E69A8-A784-4342-8C6A-853D3D975877} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-19 10:55 - 2016-12-14 13:55 - 002259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-16 21:30 - 2017-01-16 21:30 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-09 09:23 - 2015-01-02 19:21 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-15 10:01 - 2015-12-18 17:52 - 001607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2017-03-15 10:01 - 2012-11-25 22:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2017-03-15 10:01 - 2014-02-18 14:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-944171395-3959990803-3949582925-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{348C7BF0-76C6-462C-80C1-9846C899B126}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-04-2018 16:45:16 ComboFix created restore point
15-04-2018 11:46:17 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Network Controller
Description: Network Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/11/2018 06:37:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/10/2018 10:12:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/04/2018 08:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/04/2018 07:55:24 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.23403
 
Error: (05/04/2018 07:55:22 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.23403
 
Error: (05/04/2018 07:55:22 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.23403
 
Error: (05/04/2018 07:55:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (05/04/2018 07:55:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0xC0000022
 
 
System errors:
=============
Error: (05/11/2018 06:36:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.86.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (05/11/2018 06:36:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.237.1219.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13504.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (05/11/2018 06:36:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.237.1219.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13504.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (05/11/2018 06:36:32 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.237.1219.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13504.0
 
Error code: 0x8024402c
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (05/10/2018 10:12:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
Error: (05/10/2018 10:11:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 116.86.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.12706.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (05/10/2018 10:11:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.237.1219.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13504.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (05/10/2018 10:11:33 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.237.1219.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13504.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 21%
Total physical RAM: 6040.93 MB
Available physical RAM: 4712.86 MB
Total Virtual: 12080.05 MB
Available Virtual: 10725.44 MB
 
==================== Drives ================================
 
Drive c: (New Volume) (Fixed) (Total:456.52 GB) (Free:411.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:29.09 GB) (Free:29.06 GB) FAT32
Drive y: (Winretools) (Fixed) (Total:9.24 GB) (Free:0.52 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 70846E00)
Partition 1: (Active) - (Size=456.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.2 GB) - (Type=27)
 
========================================================
Disk: 1 (Protective MBR) (Size: 29.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ==

Users shortcut scan result (x64) Version: 03.05.2018
Ran by User (11-05-2018 06:46:30)
Running from C:\Users\User\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Base.lnk -> C:\Program Files\LibreOffice 5\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Calc.lnk -> C:\Program Files\LibreOffice 5\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Draw.lnk -> C:\Program Files\LibreOffice 5\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Impress.lnk -> C:\Program Files\LibreOffice 5\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Math.lnk -> C:\Program Files\LibreOffice 5\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice 5\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2\LibreOffice.lnk -> C:\Program Files\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext (x64).lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Backup and Recovery.lnk -> C:\Program Files (x86)\Dell Backup and Recovery\dbr.exe (SoftThinks - Dell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\Users\Public\Desktop\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\LibreOffice 5.2.lnk -> C:\Program Files\LibreOffice 5\program\soffice.exe (The Document Foundation)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Media Player Classic.lnk -> C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe (MPC-HC Team)
Shortcut: C:\Users\Public\Desktop\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\Users\User\Links\Desktop.lnk -> C:\Users\User\Desktop ()
Shortcut: C:\Users\User\Links\Downloads.lnk -> C:\Users\User\Downloads ()
Shortcut: C:\Users\User\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\Users\User\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\User\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\User\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\User\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\User\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\User\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\User\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\User\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of Shortcut.txt ==
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll",DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk -> C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\Users\User\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\User\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\User\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\User\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\User\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\User\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\User\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\User\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\User\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\User\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\User\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
 
==================== End of Shortcut.txt ==
 


#7 Rootkiller

Posted 11 May 2018 - 11:14 AM

 
1737 log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.04.2018
Ran by Walt (administrator) on WALT-PC (26-04-2018 10:46:18)
Running from C:\Users\Walt\Downloads
Loaded Profiles: Walt (Available Profiles: Walt)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe
(INCA Internet Co., Ltd.) C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nPMBRGuard] => C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe [616752 2013-03-28] (INCA Internet Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-25] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{C1970AC4-C7DB-4BE3-9949-5098FC23783E}: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390778279-201454918-2172237936-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-25] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-04-25] (Google Inc.)
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-25] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default [2018-04-26]
CHR Extension: (Slides) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-25]
CHR Extension: (Docs) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-25]
CHR Extension: (Google Drive) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-25]
CHR Extension: (YouTube) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-25]
CHR Extension: (Sheets) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-25]
CHR Extension: (Gmail) - C:\Users\Walt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-25] (AVAST Software)
R2 MBRGuardSvc; C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe [211248 2013-03-20] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-25] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-04-25] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-04-25] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-04-25] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-04-25] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [180984 2018-04-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-25] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-25] (AVAST Software)
S3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205352 2018-04-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-25] (AVAST Software)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
R1 TKDac; C:\Windows\system32\tkdacxp.sys [144496 2013-07-16] (INCA Internet Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\srvnet.sys 2ACCC9B12AF02030F531E6CCA6F8B76E
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 782568AB6A43160A159B6215B70BCCE9
C:\Windows\System32\DRIVERS\tcpip.sys 782568AB6A43160A159B6215B70BCCE9
C:\Windows\System32\drivers\tcpipreg.sys D4A2E4A4B011F3A883AF77315A5AE76B
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys D09276B1FAB033CE1D40DCBDF303D10F
C:\Windows\System32\DRIVERS\termdd.sys A048056F5E1A96A9BF3071B91741A5AA
C:\Windows\system32\tkdacxp.sys CC651BEBBD4A5070D3161B7C687D7FE8
C:\Windows\System32\DRIVERS\tssecsrv.sys DCF0F056A2E4F52287264F5AB29CF206
C:\Windows\System32\DRIVERS\tunnel.sys 6042505FF6FA9AC1EF7684D0E03B6940
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys 8B5088058FA1D1CD897A2113CCFF6C58
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\DRIVERS\usbccgp.sys CAF811AE4C147FFCD5B51750C7F09142
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys CEBE90821810E76320155BEBA722FCF9
C:\Windows\System32\DRIVERS\usbhub.sys CC6B28E4CE39951357963119CE47B143
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS 87BA6B83C5D19B69160968D07D6E2982
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\Drivers\usbvideo.sys E67998E8F14CB0627A769F6530BCB352
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 98F5FFE6316BD74E9E2C97206C190196
C:\Windows\System32\drivers\volsnap.sys D8B4A53DD2769F226B3EB374374987C9
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\DRIVERS\WUDFRd.sys AC13CB789D93412106B0FB6C7EB2BCB6
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 09:29 - 2018-04-26 09:29 - 000013015 _____ C:\ComboFix.txt
2018-04-26 09:18 - 2011-06-25 23:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-26 09:18 - 2010-11-07 10:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-26 09:18 - 2009-04-19 21:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-26 09:18 - 2000-08-30 17:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-26 09:13 - 2018-04-26 09:14 - 000002380 _____ C:\Users\Walt\Desktop\Rkill.txt
2018-04-26 08:59 - 2018-04-26 09:15 - 000025676 _____ C:\Users\Walt\Downloads\Addition.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000025532 _____ C:\Users\Walt\Downloads\FRST.txt
2018-04-26 08:58 - 2018-04-26 10:46 - 000000000 ____D C:\FRST
2018-04-26 08:18 - 2018-04-26 08:18 - 000037096 _____ C:\Users\Walt\Downloads\Mole02Decryptor.zip
2018-04-26 08:17 - 2018-04-26 08:17 - 002066432 _____ (Farbar) C:\Users\Walt\Downloads\FRST.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 005659794 ____R (Swearware) C:\Users\Walt\Downloads\ComboFix.exe
2018-04-26 08:16 - 2018-04-26 08:16 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Walt\Downloads\rkill.exe
2018-04-26 08:15 - 2018-04-26 08:15 - 001790024 _____ (Malwarebytes) C:\Users\Walt\Downloads\JRT.exe
2018-04-26 08:14 - 2018-04-26 08:14 - 004198400 _____ C:\Users\Walt\Downloads\CybereasonRansomFree.msi
2018-04-25 18:43 - 2008-05-26 22:21 - 001582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-04-25 18:43 - 2008-05-26 22:21 - 001418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-04-25 18:43 - 2008-05-26 22:18 - 000136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2018-04-25 18:43 - 2008-05-26 22:18 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 006103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-04-25 18:43 - 2008-05-26 22:17 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-04-25 18:43 - 2008-05-26 22:17 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-04-25 18:43 - 2008-05-26 21:59 - 000106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2018-04-25 18:43 - 2008-05-26 21:59 - 000018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2018-04-25 18:43 - 2007-11-08 02:04 - 011967524 _____ C:\Windows\system32\korwbrkr.lex
2018-04-25 18:37 - 2010-04-14 10:47 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2018-04-25 18:37 - 2010-04-14 10:47 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2018-04-25 18:37 - 2010-04-14 10:46 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2018-04-25 18:37 - 2008-04-22 21:41 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2018-04-25 18:17 - 2010-02-20 16:39 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-04-25 18:17 - 2010-02-20 16:37 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2018-04-25 18:17 - 2010-02-20 14:18 - 000411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-25 18:14 - 2009-10-09 14:56 - 001181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2018-04-25 18:14 - 2009-10-09 14:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2018-04-25 18:14 - 2009-10-09 14:55 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2018-04-25 18:14 - 2009-10-09 14:55 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2018-04-25 18:14 - 2009-07-31 23:27 - 000201184 _____ C:\Windows\system32\winrm.vbs
2018-04-25 18:14 - 2009-07-16 10:30 - 000004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2018-04-25 18:14 - 2009-07-16 10:30 - 000002426 _____ C:\Windows\system32\WsmTxt.xsl
2018-04-25 18:06 - 2011-07-06 07:56 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-25 18:06 - 2011-04-29 05:49 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-25 18:06 - 2011-02-22 05:51 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-04-25 18:06 - 2011-02-16 08:29 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-25 18:06 - 2011-02-16 06:24 - 000292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-25 18:06 - 2010-08-26 09:07 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-25 18:06 - 2010-06-28 09:15 - 001315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-25 18:06 - 2010-06-16 08:12 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-25 18:06 - 2010-04-05 09:08 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2018-04-25 18:06 - 2010-02-18 07:11 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2018-04-25 18:06 - 2010-02-18 04:52 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2018-04-25 18:06 - 2009-12-28 05:35 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2018-04-25 18:06 - 2009-12-28 05:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2018-04-25 18:06 - 2009-12-28 05:31 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2018-04-25 18:06 - 2009-12-28 05:28 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2018-04-25 18:06 - 2009-08-10 06:05 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2018-04-25 18:06 - 2009-07-10 05:21 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2018-04-25 18:06 - 2009-06-15 08:20 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2018-04-25 18:06 - 2009-03-02 21:39 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2018-04-25 18:06 - 2009-03-02 21:37 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2018-04-25 18:06 - 2009-03-02 20:04 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2018-04-25 18:06 - 2009-03-02 19:38 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2018-04-25 18:05 - 2011-04-20 07:47 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-25 18:05 - 2011-04-20 07:44 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-25 18:05 - 2010-10-28 05:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-25 18:05 - 2010-08-20 08:21 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2018-04-25 18:05 - 2010-06-18 09:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2018-04-25 18:05 - 2010-01-21 08:59 - 000062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2018-04-25 18:05 - 2010-01-14 17:04 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2018-04-25 18:05 - 2009-10-07 05:41 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2018-04-25 18:05 - 2009-06-10 05:12 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-04-25 18:05 - 2008-10-20 22:25 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 012240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2018-04-25 18:05 - 2008-06-25 18:45 - 002644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2018-04-25 18:04 - 2010-01-25 05:48 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2018-04-25 18:04 - 2010-01-25 05:45 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2018-04-25 18:04 - 2010-01-25 01:35 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2018-04-25 18:04 - 2010-01-25 01:35 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2018-04-25 18:04 - 2010-01-25 01:34 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2018-04-25 18:04 - 2009-08-14 09:29 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2018-04-25 18:04 - 2009-08-14 09:29 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-04-25 18:04 - 2009-08-14 07:16 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2018-04-25 18:04 - 2009-08-14 07:16 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2018-04-25 18:04 - 2009-08-14 07:16 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2018-04-25 18:04 - 2009-07-11 12:32 - 000513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-04-25 18:04 - 2009-07-11 12:32 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2018-04-25 18:04 - 2009-07-11 12:29 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2018-04-25 18:04 - 2009-07-11 10:18 - 002501921 _____ C:\Windows\system32\wlan.tmf
2018-04-25 18:04 - 2008-06-25 20:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2018-04-25 18:03 - 2011-03-03 07:56 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2018-04-25 18:03 - 2011-03-03 06:01 - 004240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2018-04-25 18:03 - 2010-09-10 11:18 - 010626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-04-25 18:03 - 2010-09-10 09:37 - 008147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-04-25 18:03 - 2009-07-14 06:00 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-04-25 18:03 - 2009-07-14 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-04-25 18:03 - 2009-07-14 05:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-04-25 18:03 - 2009-07-14 01:30 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2018-04-25 18:03 - 2009-07-14 01:30 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2018-04-25 18:03 - 2008-03-07 21:21 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2018-04-25 18:03 - 2008-02-29 00:14 - 000019000 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2018-04-25 18:03 - 2008-02-29 00:11 - 000988216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-25 18:03 - 2008-02-29 00:11 - 000927288 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-04-25 18:03 - 2008-02-28 23:53 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-25 18:03 - 2008-02-28 23:53 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-25 18:03 - 2008-02-28 23:35 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\kbd106n.dll
2018-04-25 18:03 - 2008-02-28 21:12 - 000318464 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-25 18:03 - 2008-02-28 21:12 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\srdelayed.exe
2018-04-25 18:03 - 2008-02-21 22:05 - 000615992 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-04-25 18:02 - 2018-04-25 18:02 - 000000000 ____D C:\ProgramData\Google
2018-04-25 18:02 - 2011-04-14 07:24 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-25 18:02 - 2011-02-16 08:35 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-25 18:02 - 2011-02-16 08:32 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 011582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-25 18:02 - 2011-01-21 08:46 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2018-04-25 18:02 - 2010-12-17 09:43 - 002067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-04-25 18:02 - 2010-12-17 08:06 - 000677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-25 18:02 - 2010-10-15 07:08 - 003548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-25 18:02 - 2010-10-15 06:48 - 001205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-25 18:02 - 2010-08-31 08:40 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2018-04-25 18:02 - 2009-04-23 05:42 - 000636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-04-25 18:01 - 2010-04-16 09:10 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2018-04-25 17:58 - 2010-12-28 07:57 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2018-04-25 17:58 - 2008-10-21 20:57 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2018-04-25 17:58 - 2008-06-18 20:31 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2018-04-25 17:57 - 2011-03-10 09:12 - 001161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2018-04-25 17:57 - 2011-03-10 09:12 - 001136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-04-25 17:57 - 2011-03-02 07:49 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-04-25 17:57 - 2011-02-18 06:31 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-25 17:57 - 2010-05-27 12:16 - 000081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2018-04-25 17:57 - 2009-09-10 10:30 - 000213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-25 17:57 - 2009-08-10 04:01 - 001399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-04-25 17:57 - 2009-06-10 05:11 - 002386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-04-25 17:57 - 2009-05-04 03:11 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-04-25 17:57 - 2008-04-04 20:34 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2018-04-25 17:57 - 2008-04-04 18:21 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-25 17:56 - 2010-08-17 06:32 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-25 17:56 - 2010-04-05 09:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2018-04-25 17:56 - 2009-07-17 07:35 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2018-04-25 17:56 - 2008-12-05 21:42 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-04-25 17:55 - 2011-06-02 05:59 - 002042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-25 17:55 - 2011-04-29 05:49 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-25 17:55 - 2011-04-21 06:16 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-04-25 17:55 - 2010-12-14 08:49 - 001169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2018-04-25 17:55 - 2009-10-23 10:42 - 000714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2018-04-25 17:55 - 2008-06-25 20:29 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2018-04-25 17:55 - 2008-06-05 20:27 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2018-04-25 17:55 - 2008-04-17 22:48 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2018-04-25 17:54 - 2010-12-20 08:39 - 000563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2018-04-25 17:54 - 2010-08-31 08:41 - 000954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2018-04-25 17:54 - 2008-10-15 21:47 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2018-04-25 17:53 - 2008-10-28 23:29 - 002927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-04-25 17:48 - 2010-12-29 10:41 - 000429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2018-04-25 17:48 - 2010-12-29 10:41 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2018-04-25 17:48 - 2010-12-29 10:39 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2018-04-25 17:48 - 2009-12-23 05:43 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-25 17:48 - 2009-06-15 11:20 - 000439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-25 17:48 - 2009-06-15 08:24 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-25 17:48 - 2009-06-15 08:24 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-25 17:48 - 2009-06-15 08:23 - 001256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-25 17:48 - 2009-06-15 08:21 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-25 17:48 - 2009-06-15 05:57 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-25 17:47 - 2011-05-02 08:58 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2018-04-25 17:47 - 2010-11-06 04:10 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-04-25 17:47 - 2010-11-06 04:09 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-04-25 17:47 - 2010-11-04 17:53 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2018-04-25 17:47 - 2010-10-18 07:01 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-25 17:47 - 2010-06-11 08:30 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-04-25 17:47 - 2010-04-16 09:10 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2018-04-25 17:47 - 2009-03-16 20:38 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2018-04-25 17:47 - 2008-09-17 21:56 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2018-04-25 17:47 - 2008-08-27 20:40 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2018-04-25 17:47 - 2008-08-11 20:39 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-04-25 17:47 - 2008-08-01 20:26 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2018-04-25 17:47 - 2008-08-01 18:01 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-04-25 17:47 - 2008-06-25 20:29 - 000565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2018-04-25 17:47 - 2008-06-25 20:29 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2018-04-25 17:47 - 2008-05-19 19:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2018-04-25 17:47 - 2008-05-09 18:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2018-04-25 17:46 - 2008-06-22 18:59 - 000996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2018-04-25 17:46 - 2008-06-22 18:58 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-04-25 17:46 - 2008-05-08 14:59 - 000155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-04-25 17:46 - 2008-05-08 14:59 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-04-25 17:46 - 2008-05-08 14:58 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-04-25 17:45 - 2011-04-12 07:53 - 000890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-25 17:45 - 2009-09-04 05:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2018-04-25 17:45 - 2009-04-23 05:43 - 000784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-25 17:44 - 2011-04-29 07:54 - 000276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-25 17:44 - 2010-06-16 08:59 - 000898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-25 17:44 - 2008-10-20 22:25 - 001645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Roaming\AVAST Software
2018-04-25 11:56 - 2018-04-25 11:56 - 000000000 ____D C:\Users\Walt\AppData\Local\CEF
2018-04-25 11:56 - 2009-07-14 10:45 - 000445008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000038480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2018-04-25 11:56 - 2009-07-14 10:45 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2018-04-25 11:55 - 2018-04-25 11:55 - 000001829 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-25 11:55 - 2018-04-25 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:53 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000205352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-25 11:53 - 2018-04-25 11:53 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-25 11:53 - 2018-04-25 11:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2018-04-25 11:53 - 2018-04-25 11:52 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-04-25 11:53 - 2018-04-25 11:52 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000180984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-04-25 11:53 - 2018-04-25 11:52 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-04-25 11:48 - 2018-04-25 11:48 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-25 11:47 - 2009-04-02 05:37 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2018-04-25 11:39 - 2018-04-25 11:39 - 000001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-25 11:39 - 2018-04-25 11:39 - 000001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-25 11:39 - 2018-04-25 11:39 - 000000000 ____D C:\Users\Walt\AppData\Local\Google
2018-04-25 11:38 - 2018-04-25 19:27 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-25 11:38 - 2018-04-25 18:02 - 000000000 ____D C:\Program Files\Google
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\Walt\AppData\Roaming\ATI
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\Users\Walt\AppData\Local\ATI
2018-04-25 11:34 - 2018-04-25 11:34 - 000000000 ____D C:\ProgramData\ATI
2018-04-25 11:33 - 2018-04-25 11:33 - 000008192 ___RS C:\BOOTSECT.BAK
2018-04-25 11:33 - 2018-04-25 10:40 - 000000000 ____D C:\Windows\Panther
2018-04-25 11:33 - 2008-02-14 10:44 - 000000024 ___RH C:\Windows\dell_version
2018-04-25 11:33 - 2008-01-20 19:24 - 000333203 __RSH C:\bootmgr
2018-04-25 11:29 - 2018-04-25 11:29 - 000000000 _____ C:\Windows\ativpsrm.bin
2018-04-25 11:20 - 2018-04-25 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2018-04-25 11:17 - 2018-04-25 11:20 - 000000000 ____D C:\Program Files\ATI Technologies
2018-04-25 11:17 - 2018-04-25 11:17 - 000000000 ____D C:\Program Files\ATI
2018-04-25 11:16 - 2008-07-04 02:35 - 003847168 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-04-25 11:16 - 2008-07-03 23:37 - 000421888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000331776 _____ (ATI Technologies, Inc.) C:\Windows\system32\atipdlxx.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000266240 _____ (ATI Technologies, Inc.) C:\Windows\system32\Oemdspif.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000159744 _____ () C:\Windows\system32\atitmmxx.dll
2018-04-25 11:16 - 2008-07-03 23:36 - 000270336 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.dll
2018-04-25 11:16 - 2008-07-03 23:36 - 000043520 _____ (ATI Technologies, Inc.) C:\Windows\system32\ati2edxx.dll
2018-04-25 11:16 - 2008-07-03 23:35 - 000692224 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
2018-04-25 11:16 - 2008-07-03 23:27 - 001626624 _____ (ATI Technologies Inc. ) C:\Windows\system32\atidxx32.dll
2018-04-25 11:16 - 2008-07-03 23:21 - 003691008 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdag.dll
2018-04-25 11:16 - 2008-07-03 23:03 - 004427264 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdva.dll
2018-04-25 11:16 - 2008-07-03 23:02 - 003107788 _____ C:\Windows\system32\atiumdva.dat
2018-04-25 11:16 - 2008-07-03 22:52 - 009306112 _____ (ATI Technologies Inc.) C:\Windows\system32\atioglxx.dll
2018-04-25 11:16 - 2008-07-03 22:50 - 000050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2018-04-25 11:16 - 2008-07-03 22:50 - 000042496 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-04-25 11:16 - 2008-07-03 22:33 - 000053248 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-04-25 11:16 - 2008-06-10 17:50 - 000174819 _____ C:\Windows\system32\atiicdxx.dat
2018-04-25 11:16 - 2008-05-13 08:10 - 000013052 _____ C:\Windows\atiogl.xml
2018-04-25 11:16 - 2008-03-05 20:38 - 000090112 _____ C:\Windows\system32\atibrtmon.exe
2018-04-25 11:16 - 2007-09-08 22:37 - 000052400 _____ C:\Windows\system32\Drivers\ativvpxx.vp
2018-04-25 11:16 - 2007-08-21 17:51 - 000081920 _____ C:\Windows\system32\ATIODE.exe
2018-04-25 11:16 - 2007-08-21 15:36 - 000040960 _____ C:\Windows\system32\ATIODCLI.exe
2018-04-25 11:16 - 2007-05-30 11:37 - 000002096 _____ C:\Windows\system32\Drivers\ativpkxx.vp
2018-04-25 11:16 - 2007-05-30 11:37 - 000002096 _____ C:\Windows\system32\Drivers\ativokxx.vp
2018-04-25 11:16 - 2007-04-18 08:19 - 000002096 _____ C:\Windows\system32\Drivers\ativdkxx.vp
2018-04-25 11:16 - 2006-08-23 17:26 - 000328162 _____ C:\Windows\system32\Drivers\ativcaxx.cpa
2018-04-25 11:16 - 2006-08-23 17:26 - 000000929 _____ C:\Windows\system32\Drivers\ativcaxx.vp
2018-04-25 11:14 - 2018-04-25 11:14 - 000000000 ____D C:\Program Files\Intel
2018-04-25 11:13 - 2018-04-25 11:16 - 000320422 _____ C:\Windows\iProInstLog.txt
2018-04-25 11:05 - 2018-04-25 11:05 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-04-25 11:05 - 2008-02-15 18:01 - 000046592 _____ (REDC) C:\Windows\system32\Drivers\rimmptsk.sys
2018-04-25 11:05 - 2007-07-30 11:54 - 000038400 _____ (REDC) C:\Windows\system32\Drivers\rixdptsk.sys
2018-04-25 11:05 - 2007-07-30 10:42 - 000043008 _____ (REDC) C:\Windows\system32\Drivers\rimsptsk.sys
2018-04-25 11:05 - 2007-07-25 12:48 - 000172032 _____ (Ricoh Company,Ltd) C:\Windows\system32\rixdicon.dll
2018-04-25 11:05 - 2004-09-04 03:00 - 000090112 _____ (Sony Corporation) C:\Windows\system32\snymsico.dll
2018-04-25 11:01 - 2018-04-25 11:01 - 000000000 ____D C:\dell
2018-04-25 11:00 - 2018-04-25 11:00 - 000000000 ____D C:\Windows\system32\vmm32
2018-04-25 11:00 - 2018-04-25 11:00 - 000000000 ____D C:\Program Files\Dell
2018-04-25 10:53 - 2018-04-26 09:30 - 000000000 ____D C:\Qoobox
2018-04-25 10:52 - 2018-04-26 09:28 - 000000000 ____D C:\Windows\erdnt
2018-04-25 10:50 - 2018-03-06 19:14 - 001472131 _____ C:\Users\Walt\Documents\vba32arkit.zip
2018-04-25 10:50 - 2017-01-26 16:07 - 007380704 _____ C:\Users\Walt\Documents\WMCodecPack.exe
2018-04-25 10:50 - 2017-01-19 07:14 - 030659457 _____ C:\Users\Walt\Documents\Windows6.1-KB3172605-x64.msu
2018-04-25 10:50 - 2016-06-30 14:07 - 000548376 _____ (Microsoft Corporation) C:\Users\Walt\Documents\VS90sp1-KB945140-ENU.exe
2018-04-25 10:50 - 2015-02-02 21:21 - 001132106 _____ (Huntersoft ) C:\Users\Walt\Documents\UnknownDeviceIdentifier.exe
2018-04-25 10:50 - 2015-02-02 19:14 - 301812736 _____ C:\Users\Walt\Documents\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2018-04-25 10:50 - 2015-02-02 15:54 - 001766152 _____ C:\Users\Walt\Documents\wrar520.exe
2018-04-25 10:50 - 2013-12-10 21:44 - 002585872 _____ (Microsoft Corporation) C:\Users\Walt\Documents\WindowsInstaller-KB893803-v2-x86.exe
2018-04-25 10:50 - 2005-10-14 16:12 - 001014477 _____ C:\Users\Walt\Documents\wrar351.exe
2018-04-25 10:50 - 2005-09-12 17:10 - 000983202 _____ C:\Users\Walt\Documents\wrar35b4.exe
2018-04-25 10:49 - 2018-04-11 19:28 - 433547968 _____ (Microsoft Corporation) C:\Users\Walt\Documents\SQLServer2014SP2-KB3171021-x86-ENU.exe
2018-04-25 10:48 - 2018-04-12 15:22 - 003168728 _____ (Remo Software ) C:\Users\Walt\Documents\remo-recover.exe
2018-04-25 10:48 - 2018-04-11 19:26 - 714585792 _____ (Microsoft Corporation) C:\Users\Walt\Documents\SQLServer2014SP2-KB3171021-x64-ENU.exe
2018-04-25 10:48 - 2018-04-06 16:09 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Walt\Documents\rufus-2.18.exe
2018-04-25 10:48 - 2018-04-06 15:54 - 002804968 _____ C:\Users\Walt\Documents\R302080.exe
2018-04-25 10:48 - 2018-01-30 13:36 - 006229392 _____ (Trend Micro, Inc. ) C:\Users\Walt\Documents\RUBottedSetup.exe
2018-04-25 10:48 - 2018-01-23 12:45 - 008656400 _____ (Trend Micro Inc.) C:\Users\Walt\Documents\RootkitBuster_v5_1061.exe
2018-04-25 10:48 - 2017-11-02 19:28 - 003039640 _____ C:\Users\Walt\Documents\R301250.exe
2018-04-25 10:48 - 2017-09-20 12:55 - 000231390 _____ C:\Users\Walt\Documents\RootkitRevealer.zip
2018-04-25 10:48 - 2016-09-27 07:52 - 041743488 _____ (Skype Technologies S.A.) C:\Users\Walt\Documents\SkypeSetupFull.exe
2018-04-25 10:48 - 2016-06-28 19:04 - 000464200 _____ (Bleeping Computer, LLC) C:\Users\Walt\Documents\sc-cleaner.exe
2018-04-25 10:48 - 2016-06-27 08:31 - 046525608 _____ (Safer-Networking Ltd. ) C:\Users\Walt\Documents\spybot-2.4.exe
2018-04-25 10:48 - 2015-02-02 11:44 - 064677992 _____ C:\Users\Walt\Documents\R273821.exe
2018-04-25 10:48 - 2015-02-02 11:44 - 011497152 _____ C:\Users\Walt\Documents\R255962.exe
2018-04-25 10:48 - 2015-01-26 16:47 - 030858816 _____ C:\Users\Walt\Documents\R255591(1).exe
2018-04-25 10:48 - 2015-01-26 16:39 - 049680560 _____ C:\Users\Walt\Documents\R278714.exe
2018-04-25 10:48 - 2015-01-25 21:12 - 011496904 _____ C:\Users\Walt\Documents\R255501(1).exe
2018-04-25 10:48 - 2015-01-25 21:10 - 062410840 _____ C:\Users\Walt\Documents\R273580.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 004884240 _____ C:\Users\Walt\Documents\R255590.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 002669496 _____ C:\Users\Walt\Documents\R304507.exe
2018-04-25 10:48 - 2015-01-25 21:10 - 001987936 _____ C:\Users\Walt\Documents\R304505.exe
2018-04-25 10:48 - 2015-01-25 21:09 - 049941256 _____ C:\Users\Walt\Documents\R259343.exe
2018-04-25 10:48 - 2015-01-25 21:07 - 007781752 _____ C:\Users\Walt\Documents\R255854.exe
2018-04-25 10:48 - 2015-01-25 21:07 - 003194904 _____ C:\Users\Walt\Documents\R255588.exe
2018-04-25 10:48 - 2015-01-25 21:06 - 083633504 _____ C:\Users\Walt\Documents\R272187.exe
2018-04-25 10:48 - 2015-01-25 21:06 - 002608120 _____ C:\Users\Walt\Documents\R255577.exe
2018-04-25 10:48 - 2015-01-25 21:05 - 005853328 _____ C:\Users\Walt\Documents\R285030.exe
2018-04-25 10:47 - 2015-02-02 11:45 - 085261368 _____ C:\Users\Walt\Documents\R252542.exe
2018-04-25 10:47 - 2015-02-02 11:45 - 085256608 _____ C:\Users\Walt\Documents\R252536.exe
2018-04-25 10:47 - 2015-02-02 11:44 - 064888904 _____ C:\Users\Walt\Documents\R228330.exe
2018-04-25 10:47 - 2015-02-02 11:43 - 044680536 _____ C:\Users\Walt\Documents\R252287.exe
2018-04-25 10:47 - 2015-01-26 16:48 - 144109622 _____ C:\Users\Walt\Documents\R241392.zip
2018-04-25 10:47 - 2015-01-25 21:13 - 085261200 _____ C:\Users\Walt\Documents\R252544.exe
2018-04-25 10:47 - 2015-01-25 21:13 - 085256536 _____ C:\Users\Walt\Documents\R252537.exe
2018-04-25 10:47 - 2015-01-25 21:11 - 064910792 _____ C:\Users\Walt\Documents\R226746.exe
2018-04-25 10:47 - 2013-07-21 18:06 - 101606880 _____ C:\Users\Walt\Documents\R205222.exe
2018-04-25 10:47 - 2011-03-14 14:21 - 001239944 _____ C:\Users\Walt\Documents\R227772.exe
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\vba32arkit
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\TMRBLog
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\RootRepeal
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\RootkitRevealer
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\LAN_Atheros_2.1.0.13_W7x64
2018-04-25 10:46 - 2018-04-25 10:46 - 000000000 ____D C:\Users\Walt\Documents\Ad-Aware SE Personal
2018-04-25 10:46 - 2018-04-15 10:32 - 037993920 _____ (EaseUS ) C:\Users\Walt\Documents\epm.exe
2018-04-25 10:46 - 2018-04-15 09:16 - 041719176 _____ (EASEUS) C:\Users\Walt\Documents\EASEUS_Disk_Copy.exe
2018-04-25 10:46 - 2018-04-14 18:52 - 015800840 _____ (Dell Inc.) C:\Users\Walt\Documents\dell-usb-recovery-tool_jndt2_win_2.1.2025.0_a00.exe
2018-04-25 10:46 - 2018-04-13 08:25 - 039012928 _____ (EaseUS ) C:\Users\Walt\Documents\epm_fusion.exe
2018-04-25 10:46 - 2018-04-11 19:31 - 002959376 _____ (Microsoft Corporation) C:\Users\Walt\Documents\dotnetfx35setup.exe
2018-04-25 10:46 - 2018-04-11 17:43 - 000679696 _____ (PC Drivers HeadQuarters LP) C:\Users\Walt\Documents\DriverSupport.exe
2018-04-25 10:46 - 2018-04-10 10:30 - 000000000 ____D C:\Users\Walt\Documents\log
2018-04-25 10:46 - 2018-04-06 15:55 - 009078096 _____ C:\Users\Walt\Documents\E6530A20.exe
2018-04-25 10:46 - 2018-04-03 17:33 - 018617536 _____ (Microsoft Corporation) C:\Users\Walt\Documents\MediaCreationTool (1).exe
2018-04-25 10:46 - 2018-03-06 19:03 - 029819149 _____ (SecureMix LLC) C:\Users\Walt\Documents\glasswire-setup-2.0.3087.exe
2018-04-25 10:46 - 2018-02-23 12:37 - 001129816 _____ (Google Inc.) C:\Users\Walt\Documents\ChromeSetup.exe
2018-04-25 10:46 - 2018-02-19 08:41 - 028866136 _____ (IObit ) C:\Users\Walt\Documents\advanced-systemcare-setup.exe
2018-04-25 10:46 - 2018-01-30 16:35 - 001137360 _____ (F-Secure Corporation) C:\Users\Walt\Documents\fsbl.exe
2018-04-25 10:46 - 2018-01-23 14:56 - 001020640 _____ C:\Users\Walt\Documents\antirootkit.exe
2018-04-25 10:46 - 2018-01-23 12:40 - 011599632 _____ (SurfRight B.V.) C:\Users\Walt\Documents\HitmanPro_x64.exe
2018-04-25 10:46 - 2018-01-20 11:31 - 077342496 _____ (Malwarebytes ) C:\Users\Walt\Documents\arw-setup-consumer-0.9.18.807-1.1.129.exe
2018-04-25 10:46 - 2018-01-10 17:36 - 006654960 _____ (AVAST Software) C:\Users\Walt\Documents\avast_free_antivirus_setup_online_cnet2.exe
2018-04-25 10:46 - 2017-03-15 05:52 - 001318648 _____ C:\Users\Walt\Documents\BatteryBarSetup-3.6.6.exe
2018-04-25 10:46 - 2017-02-03 14:30 - 006389072 _____ C:\Users\Walt\Documents\8400fvst6410231a_64en.exe
2018-04-25 10:46 - 2017-01-19 06:43 - 000422480 _____ (Secure By Design Inc.) C:\Users\Walt\Documents\Ninite_7Zip_Air_CDBurnerXP_Chrome_Essentials_Installer.exe
2018-04-25 10:46 - 2016-08-22 08:54 - 045964136 _____ (IObit ) C:\Users\Walt\Documents\advanced-systemcare-setup(1).exe
2018-04-25 10:46 - 2016-08-16 15:31 - 014194869 _____ C:\Users\Walt\Documents\CopyTransManagerv1.111_DLC.zip
2018-04-25 10:46 - 2016-06-28 19:48 - 003719928 _____ (Zemana Ltd. ) C:\Users\Walt\Documents\AntiLoggerFree_Setup.exe
2018-04-25 10:46 - 2016-06-28 19:26 - 000457632 _____ (Bleeping Computer, LLC) C:\Users\Walt\Documents\FixExec.exe
2018-04-25 10:46 - 2016-06-28 17:30 - 005198336 _____ (AVAST Software) C:\Users\Walt\Documents\aswMBR.exe
2018-04-25 10:46 - 2016-06-28 16:10 - 037457368 _____ (Malwarebytes ) C:\Users\Walt\Documents\MBARW_Setup.exe
2018-04-25 10:46 - 2016-06-26 21:09 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Walt\Documents\mbar-1.09.3.1001(1).exe
2018-04-25 10:46 - 2016-06-17 16:43 - 010451640 _____ (SurfRight B.V.) C:\Users\Walt\Documents\hitmanpro.exe
2018-04-25 10:46 - 2016-06-08 08:00 - 002085168 _____ C:\Users\Walt\Documents\Adaware_Installer.exe
2018-04-25 10:46 - 2015-10-30 21:01 - 011302536 _____ (CCCP Project ) C:\Users\Walt\Documents\Combined-Community-Codec-Pack-64bit-2015-10-18(1).exe
2018-04-25 10:46 - 2014-06-08 10:03 - 000845768 _____ (INCA Internet) C:\Users\Walt\Documents\nPMBRGuardSetup.exe
2018-04-25 10:46 - 2013-12-10 21:19 - 082356552 _____ C:\Users\Walt\Documents\R155386.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 028134504 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R112482.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 006131912 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R111827.EXE
2018-04-25 10:46 - 2013-12-10 21:17 - 004640840 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R128346.EXE
2018-04-25 10:46 - 2013-12-10 21:16 - 004675584 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Walt\Documents\R99254.EXE
2018-04-25 10:46 - 2012-07-09 02:46 - 009161136 _____ (COMODO) C:\Users\Walt\Documents\KillSwitch.exe
2018-04-25 10:46 - 2011-11-15 10:26 - 000510824 _____ C:\Users\Walt\Documents\BootSuite Wizard.exe
2018-04-25 10:46 - 2010-06-23 08:01 - 012124624 _____ (Adobe Systems Inc.) C:\Users\Walt\Documents\AdobeAIRInstaller.exe
2018-04-25 10:45 - 2018-04-25 10:45 - 000001115 _____ C:\Users\Walt\Desktop\nProtect MBR Guard.lnk
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____D C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nProtect MBR Guard
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ____D C:\Program Files\INCAInternet
2018-04-25 10:44 - 2018-04-25 20:20 - 000049168 _____ C:\Users\Walt\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-25 10:44 - 2018-04-25 11:20 - 000000000 ____D C:\Users\Walt
2018-04-25 10:44 - 2018-04-25 10:44 - 000000949 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000944 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000915 _____ C:\Users\Walt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2018-04-25 10:44 - 2018-04-25 10:44 - 000000680 _____ C:\Users\Walt\AppData\Local\d3d9caps.dat
2018-04-25 10:44 - 2018-04-25 10:44 - 000000020 ___SH C:\Users\Walt\ntuser.ini
2018-04-25 10:44 - 2018-04-25 10:44 - 000000000 ____D C:\Users\Walt\AppData\Local\VirtualStore
2018-04-25 10:44 - 2006-11-02 05:37 - 000000000 ____D C:\Users\Walt\AppData\Roaming\Media Center Programs
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-26 10:44 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\rescache
2018-04-26 10:40 - 2006-11-02 06:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:40 - 2006-11-02 05:47 - 000003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-26 10:18 - 2006-11-02 06:01 - 000006362 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-26 09:27 - 2006-11-02 03:23 - 000000215 _____ C:\Windows\system.ini
2018-04-26 07:40 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\inf
2018-04-26 07:40 - 2006-11-02 03:33 - 000690960 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-25 20:12 - 2006-11-02 05:47 - 000228176 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-25 19:48 - 2006-11-02 05:37 - 000000000 ____D C:\Program Files\Movie Maker
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\system32\manifeststore
2018-04-25 19:48 - 2006-11-02 04:18 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-25 11:33 - 2006-11-02 05:37 - 000262144 _____ C:\Windows\system32\config\BCD-Template
2018-04-25 11:18 - 2006-11-02 04:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
==================== Files in the root of some directories =======
 
2018-04-25 10:44 - 2018-04-25 10:44 - 000000680 _____ () C:\Users\Walt\AppData\Local\d3d9caps.dat
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
LastRegBack: 2018-04-26 10:44
 
==================== End of FRST.txt ==
The selected disk is necessary to the operation of your computer, and may not be cleaned!!!!

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23.04.2018
Ran by Walt (26-04-2018 10:47:11)
Running from C:\Users\Walt\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) (2018-04-25 17:39:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1390778279-201454918-2172237936-500 - Administrator - Disabled)
Guest (S-1-5-21-1390778279-201454918-2172237936-501 - Limited - Disabled)
Walt (S-1-5-21-1390778279-201454918-2172237936-1000 - Administrator - Enabled) => C:\Users\Walt
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ATI Catalyst Install Manager (HKLM\...\{65E4B9D4-D276-B3BF-51E7-800D2ADFEB08}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
ccc-core-static (HKLM\...\{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}) (Version: 2008.0703.2236.38526 - ATI) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel® PROSet/Wireless WiFi Driver (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel® Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
nProtect MBR Guard (HKLM\...\nProtect MBR Guard) (Version: 4.0.1.3 - INCA Internet)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.05 - RICOH)
Skins (HKLM\...\{974BBAF1-048D-4230-2254-62FEA00B18E9}) (Version: 2008.0703.2236.38526 - ATI) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-25] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-25] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-25] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2008-07-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-25] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {316EE177-5B82-41AF-A7C1-03B9D8A979B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc.)
Task: {432717D8-12F8-4D0E-AB24-51F9ED2A7B98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-04-25] (Google Inc.)
Task: {47F41257-A824-4B82-9D63-5F3C175FE628} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-25] (AVAST Software)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-25 11:52 - 2018-04-25 11:52 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-25 11:52 - 2018-04-25 11:52 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-25 11:52 - 2018-04-25 11:52 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-25 17:52 - 2018-04-25 17:52 - 005838992 _____ () C:\Program Files\AVAST Software\Avast\defs\18042506\algo.dll
2018-04-25 11:16 - 2008-07-03 23:37 - 000159744 _____ () C:\Windows\system32\atitmmxx.dll
2018-04-25 11:52 - 2018-04-25 11:53 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-25 11:52 - 2018-04-25 11:52 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-04-25 11:20 - 2018-04-25 11:20 - 000014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 03:23 - 2006-09-18 14:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1390778279-201454918-2172237936-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img20.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D2505409-5E75-49FC-9608-12A3FF5FE19F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{6AF14788-68E7-4995-855A-3CDAEEAF580B}] => (Allow) LPort=80
FirewallRules: [{0A51BECB-7A53-4998-8987-E4FC67935293}] => (Allow) LPort=80
FirewallRules: [{09826579-106D-4591-A51B-82D2876B80D4}] => (Allow) LPort=80
 
==================== Restore Points =========================
 
25-04-2018 10:57:11 Installed Dell Resource CD.
25-04-2018 11:02:55 Installed RICOH R5C83x/84x Flash Media Controller Driver Ver.3.5>§„;
25-04-2018 11:05:21 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
25-04-2018 11:06:53 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
25-04-2018 11:08:33 Device Driver Package Install: Ricoh Company IDE ATA/ATAPI controllers
25-04-2018 11:13:14 Installed Intel® PROSet/Wireless WiFi Driver.
25-04-2018 11:18:32 Device Driver Package Install: ATI Technologies Inc. Display adapters
25-04-2018 11:54:19 Windows Update
25-04-2018 18:11:17 Windows Update
26-04-2018 07:16:17 Windows Update
26-04-2018 09:16:06 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: iPod            
Description: iPod            
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Apple   
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2018 10:40:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/26/2018 07:34:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/26/2018 07:06:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/25/2018 08:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/25/2018 05:40:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/25/2018 11:38:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (04/25/2018 11:38:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (04/25/2018 11:38:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (04/26/2018 10:47:50 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (04/26/2018 10:43:31 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (04/26/2018 10:40:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (04/26/2018 10:40:31 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (04/26/2018 10:40:04 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.
 
Error: (04/26/2018 10:17:56 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (04/26/2018 10:17:17 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (04/26/2018 10:17:12 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
 
CodeIntegrity:
===================================
 
Date: 2018-04-26 10:47:00.406
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:47:00.328
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:47:00.266
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:47:00.188
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:46:45.196
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:46:45.102
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:46:45.024
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
Date: 2018-04-26 10:46:44.962
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 32%
Total physical RAM: 3035.98 MB
Available physical RAM: 2059.3 MB
Total Virtual: 6274.25 MB
Available Virtual: 5368.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:436.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CD706D1C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ==
I was finally able to run Rootkit reveal and it showed that there were 90,000 discrepancies. I saved it but was not able to find the log on the computer. Thank you, Walt


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:49 PM

Posted 11 May 2018 - 05:45 PM

Hi, Rootkiller. :)
 
You have submitted information about two computers, one with Windows 7 and one with VISTA. Let's try to work with one at a time.
 
Let's select the one with Windows Vista first.
 
I don't see any trace of malware in this report. The computer with Windows Vista has an issue, as the BIOS seems to be corrupted. It is accessing the embedded hardware (EC) incorrectly. That will definitely give you problems. Windows Vista is no longer supported, but you can try to obtain a BIOS update at the manufacturer's site.
 
The reason you are unable to boot to the recovery environment is that you ran the bootrec.exe and BCDedit.exe commands erasing part of the Boot Configuration Data. There are no MBR rootkits.
 
Let's run some scans (only on the computer with Vista).

  • Highlight the entire content of the quote box below.

Start::  
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
FirewallRules: [{6AF14788-68E7-4995-855A-3CDAEEAF580B}] => (Allow) LPort=80
FirewallRules: [{0A51BECB-7A53-4998-8987-E4FC67935293}] => (Allow) LPort=80
FirewallRules: [{09826579-106D-4591-A51B-82D2876B80D4}] => (Allow) LPort=80
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
CMD: BCDEdit /enum all /store C:\Windows\system32\config\BCD-Template
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log
  • Copy/pasted Fixlog.txt log


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • Local time:12:49 PM

Posted 11 May 2018 - 08:44 PM

Hi Master Surgeon General, I followed your instructions and here is what happened: when FRST opened I got this message: "New updates found, please wait". Another box pops up saying "Update failed". When I close the update failure box and press Fix: "No fix.list found." Do you still want me to run the other programs? Thanks, Walt



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:49 PM

Posted 11 May 2018 - 10:25 PM

Download the latest FRST and retry the fix.



#11 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • Local time:12:49 PM

Posted 11 May 2018 - 11:05 PM

Hi, "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located." Am I doing something wrong? I have the text highlighted when I run FRST. Am I supposed to put it in some folder? I just ran Rootkit reveal and it showed 283,000 discrepancies. I tried to save the log but was not able. While I was running the scan the computer kept going to a black screen and tossing me back out to the password, had to restart every time to keep it going!!! I'm just a novice but I was told when a computer goes to a black screen it's infected. Also to let you know, when I try to install XP it goes to a blue screen telling me it saved my computer from being damaged. Ha Ha Thank you



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:49 PM

Posted 12 May 2018 - 02:57 PM

Download the enclosed file. [attachment=204595:Fixlist.txt] Save it next to FRST (In the same location FRST is saved). Right click on FRST and select "Run as Administrator". Once the interface is present, click on the Fix button.

 

When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from. Post it in your next reply.

 

Run the programs suggested above.




#13 Rootkiller

Rootkiller
  • Topic Starter

  • Members
  • 25 posts
  • Local time:12:49 PM

Posted 12 May 2018 - 03:43 PM

S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
FirewallRules: [{6AF14788-68E7-4995-855A-3CDAEEAF580B}] => (Allow) LPort=80
FirewallRules: [{0A51BECB-7A53-4998-8987-E4FC67935293}] => (Allow) LPort=80
FirewallRules: [{09826579-106D-4591-A51B-82D2876B80D4}] => (Allow) LPort=80
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
CMD: BCDEdit /enum all /store C:\Windows\system32\config\BCD-Template
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team

Posted 12 May 2018 - 05:37 PM

What you posted was the contents of the fixlist.txt. Follow the instructions above.




#15 Rootkiller

Rootkiller
  • Topic Starter


Posted 12 May 2018 - 07:48 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.05.2018
Ran by Walt (12-05-2018 13:15:36) Run:1
Running from C:\Users\Walt\Downloads
Loaded Profiles: Walt (Available Profiles: Walt)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
FirewallRules: [{6AF14788-68E7-4995-855A-3CDAEEAF580B}] => (Allow) LPort=80
FirewallRules: [{0A51BECB-7A53-4998-8987-E4FC67935293}] => (Allow) LPort=80
FirewallRules: [{09826579-106D-4591-A51B-82D2876B80D4}] => (Allow) LPort=80
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION
S3 FBQVOB; C:\Users\Walt\AppData\Local\Temp\FBQVOB.exe [X] <==== ATTENTION
S3 XGUJ; C:\Users\Walt\AppData\Local\Temp\XGUJ.exe [X] <==== ATTENTION
S3 catchme; \??\C:\Users\Walt\AppData\Local\Temp\catchme.sys [X]
CMD: BCDEdit /enum all /store C:\Windows\system32\config\BCD-Template
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\System\CurrentControlSet\Services\FBQVOB" => removed successfully.
FBQVOB => service removed successfully.
"HKLM\System\CurrentControlSet\Services\XGUJ" => removed successfully.
XGUJ => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\System\CurrentControlSet\Services\IpInIp" => removed successfully.
IpInIp => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFlt" => removed successfully.
NwlnkFlt => service removed successfully.
"HKLM\System\CurrentControlSet\Services\NwlnkFwd" => removed successfully.
NwlnkFwd => service removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AF14788-68E7-4995-855A-3CDAEEAF580B}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A51BECB-7A53-4998-8987-E4FC67935293}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09826579-106D-4591-A51B-82D2876B80D4}" => removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
FBQVOB => service not found.
XGUJ => service not found.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully.
AppMgmt => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A728AE6B-5AB8-4223-AD3E-E6341441A01C}" => removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System\ConvertLogEntries" => removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
FBQVOB => service not found.
XGUJ => service not found.
catchme => service not found.
 
========= BCDEdit /enum all /store C:\Windows\system32\config\BCD-Template =========
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {28d62d1a-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
nx                      OptIn
detecthal               Yes
 
Windows Boot Loader
-------------------
identifier              {4b7fa800-c7c0-11dc-afda-ed2be6b7d208}
device                  unknown
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                unknown
systemroot              \Windows
resumeobject            {4b7fa801-c7c0-11dc-afda-ed2be6b7d208}
nx                      OptIn
detecthal               Yes
 
Windows Setup
-------------
identifier              {7254a080-1510-4e85-ac0f-e7fb3d444736}
locale                  en-US
inherit                 {bootloadersettings}
systemroot              \windows
nx                      OptOut
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {c9790e33-6a6f-11db-815f-ccdb3290320a}
device                  unknown
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                unknown
systemroot              \Windows
resumeobject            {c9790e34-6a6f-11db-815f-ccdb3290320a}
nx                      OptIn
detecthal               Yes
 
Windows Setup
-------------
identifier              {default}
locale                  en-US
inherit                 {bootloadersettings}
systemroot              \windows
nx                      OptOut
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {0c334284-9a41-4de1-99b3-a7e87e8ff07e}
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filepath                \hiberfil.sys
 
Resume from Hibernate
---------------------
identifier              {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filepath                \hiberfil.sys
 
Resume from Hibernate
---------------------
identifier              {4b7fa801-c7c0-11dc-afda-ed2be6b7d208}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filepath                \hiberfil.sys
 
Resume from Hibernate
---------------------
identifier              {98b02a23-0674-4ce7-bdad-e0a15a8ff97b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filepath                \hiberfil.sys
 
Resume from Hibernate
---------------------
identifier              {c9790e34-6a6f-11db-815f-ccdb3290320a}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filepath                \hiberfil.sys
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
========= End of CMD: =========
 
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => removed successfully.
 
========= BCDEDIT /ENUM ALL =========
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
displayorder            {default}
                        {current}
toolsdisplayorder       {memdiag}
timeout                 3
resume                  No
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \Windows
resumeobject            {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
nx                      OptIn
 
Windows Setup
-------------
identifier              {default}
device                  partition=C:
path                    \$WINDOWS.~BT\Windows\system32\winload.exe
description             Windows Setup
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \$WINDOWS.~BT\Windows
resumeobject            {3b3e6749-4ce4-11e8-bf01-806e6f6e6963}
nx                      OptOut
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {28d62d1b-48b7-11e8-8463-86b7714ca8b0}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {3b3e6749-4ce4-11e8-bf01-806e6f6e6963}
device                  partition=C:
path                    \$WINDOWS.~BT\Windows\system32\winresume.exe
description             Windows Setup
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
========= End of CMD: =========
 
 
========= fltmc instances =========
 
Filter                Volume Name                              Altitude        Instance Name      Frame  VlStatus
--------------------  -------------------------------------  ------------  ---------------------  -----  --------
TKDac                 \Device\Mup                             326130       AltitudeAndFlags         0    
TKDac                 C:                                      326130       AltitudeAndFlags         0    
KLIF                  \Device\Mup                             320400       KLIF                     0    
KLIF                  C:                                      320400       KLIF                     0    
luafv                 C:                                      135000       luafv                    0    
klbackupflt           C:                                      100800       klbackupflt              0    
FileInfo              \Device\Mup                              45000       FileInfo                 0    
FileInfo              C:                                       45000       FileInfo                 0    
 
========= End of CMD: =========
 
 
========================= Folder: C:\Windows\System32\Drivers ========================
 
2008-01-20 19:23 - 2008-01-20 19:23 - 000025472 ____A [175444D3A01CA45D0E1C5DC5F48DF7CD] (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-05-02 07:57 - 2009-04-10 21:42 - 000012800 ____A [CCA4B519B17E23A00B826C55716809CC] (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000040504 ____A [16EE7B23A009E00D835CDB79574A91A6] (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpCISSs.sys
2018-04-25 18:17 - 2010-02-20 13:53 - 000411648 ____A [F870AA3E254628EBEAFE754108D664DE] (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2006-11-02 01:52 - 2008-01-20 19:23 - 000019000 ____A [95BD3EA81EBE6B8CACAFDB6CDAB3586C] (Microsoft Corporation) C:\Windows\System32\Drivers\i2omgmt.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000030264 ____A [C6B032D69650985468160FC9937CF5B4] (Microsoft Corporation) C:\Windows\System32\Drivers\i2omp.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000054784 ____A [22D56C8184586B7A1F6FA60BE5F5A2BD] (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000235064 ____A [54155EA1B0DF185878E0FC9EC3AC3A14] (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000041576 ____A [2D077BF86E843F901D8DB709C95B49A5] (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000017976 ____A [83AA759F3189E6370C30DE5DC5590718] (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000041472 ____A [224191001E78C89DFA78924C3EA595FF] (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000047616 ____A [62C265C38769B864CB25B4BCF62DF6C3] (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys
2006-11-02 01:42 - 2008-01-20 19:23 - 000064512 ____A [B25AAF203552B7B3491139D582B39AD1] (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000100864 ____A [8793643A67B42CEC66490B2A0CF92D68] (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000095744 ____A [E50A95179211B12946F7E035D60AF560] (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000013312 ____A [109C0DFB82C3632FBD11949B73AEEAC9] (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys
2006-11-02 01:35 - 2008-01-20 19:23 - 000049720 ____A [6C70698A3E5C4376C6AB5C7C17FB0614] (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000035944 ____A [BCED60D16156E428F8DF8CF27B0DF150] (Integrated Technology Express, Inc.) C:\Windows\System32\Drivers\iteatapi.sys
2010-03-08 10:02 - 2010-03-08 10:02 - 000062496 ____A [20425664E2E196D339CA877E0387C023] (ITE Tech. Inc. ) C:\Windows\System32\Drivers\itecir.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000035944 ____A [06FA654504A498C30ADCA8BEC4E87E7E] (Integrated Technology Express, Inc.) C:\Windows\System32\Drivers\iteraid.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000035384 ____A [37605E0A8CF00CBBA538E753E4344C6E] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys
2018-05-02 07:58 - 2009-04-10 21:38 - 000017408 ____A [EDE59EC70E25C24581ADD1FBEC7325F7] (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2016-10-01 02:26 - 2016-10-01 02:26 - 000165296 ____A [8A9A6AC80637DEB4963F6E392BA58A1F] (AO Kaspersky Lab) C:\Windows\System32\Drivers\kl1.sys
2017-12-25 08:31 - 2017-12-25 08:31 - 000062184 ____A [18B963C6E0203B45CEDCCE82B5E4332D] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klbackupdisk.sys
2017-12-25 08:31 - 2018-05-06 07:32 - 000098504 ____A [D1AC3C79964FB24BA13268BE2C6367D7] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klbackupflt.sys
2016-05-31 23:24 - 2016-05-31 23:24 - 000069000 ____A [6B2A3C8059FE7D14255D81701BC7C380] (AO Kaspersky Lab) C:\Windows\System32\Drivers\kldisk.sys
2018-05-02 20:12 - 2018-05-06 07:33 - 000164032 ____A [0E43546948B032DE8617B2BFE4C8C18C] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2017-12-25 08:31 - 2018-05-06 07:32 - 000659136 ____A [91ACB3A4F361247A602EA2F1CE93FBA7] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klhk.sys
2018-05-02 20:12 - 2018-05-06 07:33 - 000835272 ____A [1E613F868D1F7EB48658A61ACC1A9B06] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2016-10-11 14:14 - 2018-05-06 07:33 - 000049344 ____A [CEA1D8480E272AD3A4995C821125B71E] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klim6.sys
2016-12-23 09:19 - 2016-12-23 09:19 - 000050400 ____A [F9E6FED49AE59E52A60DCA8B5EA5F934] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klkbdflt.sys
2016-12-07 09:38 - 2016-12-07 09:38 - 000051424 ____A [33378886837435DC9BFC1E8B24A181F7] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klmouflt.sys
2017-12-25 08:31 - 2017-12-25 08:31 - 000045552 ____A [7ADA7AF3394B697474315A5E3E002D78] (AO Kaspersky Lab) C:\Windows\System32\Drivers\klpd.sys
2016-06-07 01:31 - 2016-06-07 01:31 - 000048056 ____A [F6D34D7C08D4A17A7F1293093BA857CC] (The OpenVPN Project) C:\Windows\System32\Drivers\kltap.sys
2016-12-13 16:26 - 2016-12-13 16:26 - 000086240 ____A [A1B91322531BB24AF071FA2025BDD52B] (AO Kaspersky Lab) C:\Windows\System32\Drivers\kltdf.sys
2017-12-25 08:31 - 2017-12-25 08:31 - 000075760 ____A [95C49FC14D3D3F541549D20BE15094F0] (AO Kaspersky Lab) C:\Windows\System32\Drivers\kltdi.sys
2017-12-25 08:31 - 2017-12-25 08:31 - 000165088 ____A [9B03367CB7BC8FDD67DBABB6D63670BB] (AO Kaspersky Lab) C:\Windows\System32\Drivers\kneps.sys
2018-05-02 07:58 - 2009-04-10 21:38 - 000149504 ____A [EF73C1E29FBE7B0FD0274BF4394E346A] (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2018-04-25 17:48 - 2009-06-15 16:15 - 000439864 ____A [86165728AF9BF72D6442A894FDFB4F8B] (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000047104 ____A [D1C5883087A0C3F1344D9D55A44901F6] (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000096312 ____A [C7E15E82879BF3235B559563D4185365] (LSI Logic) C:\Windows\System32\Drivers\lsi_fc.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000089656 ____A [EE01EBAE8C9BF0FA072E0FF68718920A] (LSI Logic) C:\Windows\System32\Drivers\lsi_sas.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000096312 ____A [912A04696E9CA30146A62AFA1463DD5C] (LSI Logic) C:\Windows\System32\Drivers\lsi_scsi.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000084480 ____A [8F5C7426567798E62A3B3614965D62CC] (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000018944 ____A [B271EC02E71271A2DA28B3B7BC4E4F15] (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000031288 ____A [0001CE609D66632FA17B84705F658879] (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys
2008-01-20 20:10 - 2008-01-20 19:23 - 000386616 ____A [C252F32CD9A49DBFC25ECF26EBD51A99] (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000031744 ____A [E13B5EA0F51BA5B1512EC671393D09BA] (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000041984 ____A [0A9BB33B56E294F686ABB7C1E4E2D8A8] (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000034360 ____A [5BF6A1326A335C5298477754A506D263] (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000015872 ____A [93B8D4869E12CFBE663915502900876F] (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000057400 ____A [BDAFC88AA6B92F7842416EA6A48E1600] (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2006-11-02 01:52 - 2008-01-20 19:23 - 000105016 ____A [511D011289755DD9F9A7579FB0B064E6] (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000064000 ____A [22241FEBA9B2DEFA669C8CB0A8DD7D2E] (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2006-11-02 00:36 - 2006-11-02 02:49 - 000033384 ____A [4FBBB70D30FD20EC51F80061703B001E] (LSI Logic Corporation) C:\Windows\System32\Drivers\Mraid35x.sys
2018-05-02 07:59 - 2009-04-10 21:14 - 000114688 ____A [82CEA0395524AACFEB58BA1448E8325C] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2018-04-25 18:06 - 2011-04-29 06:24 - 000106496 ____A [1E94971C4B446AB2290DEB71D01CF0C2] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-04-25 18:06 - 2011-07-06 08:31 - 000214016 ____A [4FCCB34D793B116423209C0F8B7A3B03] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2018-04-25 18:06 - 2011-04-29 06:24 - 000079872 ____A [C3CB1B40AD4A0124D617A1199B0B9D7C] (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000027112 ____A [5457DCFA7C0DA43522F4D9D4049C1472] (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys
2006-11-02 01:52 - 2008-01-20 19:23 - 000094776 ____A [4468B0F385A86ECDDAF8D3CA662EC0E7] (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000022528 ____A [A9927F4A46B816C92F461ACB90CF8515] (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys
2018-04-25 10:45 - 2018-04-25 10:45 - 000000000 ___AH [D41D8CD98F00B204E9800998ECF8427E] () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2018-04-25 11:56 - 2009-07-14 10:45 - 000000003 ____A [933222B19FF3E7EA5F65517EA1F7D57E] () C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2008-01-20 19:23 - 2008-01-20 19:23 - 000016440 ____A [0F400E306F385C56317357D6DEA56F62] (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000180712 ____A [232FA340531D940AAC623B121A595034] (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000008192 ____A [D8C63D34D9C9E56C059E24EC7185CC07] (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000005888 ____A [1D373C90D62DDB641D50E55B9E78D65E] (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000005504 ____A [B572DA05BF4E098D4BBA3A4734FB505B] (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000161752 ____A [B49456D70555DE905C311BCDA6EC6ADB] (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000031288 ____A [E384487CB84BE41D09711C30CA79646C] (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000006016 ____A [7199C1EEC1E4993CAF96B8C0A26BD58A] (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000048104 ____A [6A57B5733D4CB702C8EA4542E836B96C] (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000527848 ____A [1357274D1883F68300AEADD15D7BBB42] (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000020992 ____A [0E186E90404980569FB449BA7519AE61] (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000016896 ____A [D6973AA34C4D5D76C0430B181C3CD389] (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys
2018-05-02 07:57 - 2009-04-10 21:46 - 000121344 ____A [818F648618AE34F729FDB47EC68345C3] (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000049664 ____A [71DAB552B41936358F3B541AE5997FB3] (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000035840 ____A [BCD093A5A6777CF626434568DC7DBA78] (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys
2018-05-02 07:58 - 2009-04-10 21:45 - 000185856 ____A [ECD64230A59CBD93C85F1CD1CAB9F3F6] (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2018-05-02 07:59 - 2009-04-10 23:32 - 000223208 ____A [063EE4D3CB88A14EAB9901875CEE98B1] (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2008-05-21 04:36 - 2008-05-21 04:36 - 003663360 ____A [0B214C6A4728F085FB64A29ED9C4DE94] (Intel Corporation) C:\Windows\System32\Drivers\NETw5v32.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000045160 ____A [2E7FB731D4790A1BC6270ACCEFACB36E] (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys
2018-05-02 07:57 - 2009-04-10 21:14 - 000035328 ____A [D36F239D7CCE1931598E8FB90A0DBC26] (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000016384 ____A [609773E344A97410CE4EBF74A8914FCF] (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys
2018-05-02 07:59 - 2009-04-10 23:32 - 001083880 ____A [6A4A98CEE84CF9E99564510DDA4BAA47] (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2006-11-02 00:36 - 2006-11-02 00:36 - 000020608 ____A [E875C093AEC0C978A90F30C9E0DFBB72] (N-trig Innovative Technologies) C:\Windows\System32\Drivers\ntrigdigi.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000004608 ____A [C5DBBCDA07D780BDA9B685DF333BB41E] (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys
2006-11-02 01:35 - 2008-01-20 19:23 - 000109112 ____A [18BBDF913916B71BD54575BDB6EEAC0B] (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS
2006-11-02 00:36 - 2008-01-20 19:23 - 000102968 ____A [2EDF9E7751554B42CBB60116DE727101] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000045112 ____A [ABED0C09758D1D97DB0042DBB2688177] (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2018-05-02 07:57 - 2009-04-10 21:43 - 000148480 ____A [85C44FDFF9CF7E72A40DCB7EC06A4416] (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys
2007-06-07 17:00 - 2007-06-07 17:00 - 000148056 ____A [EC528056B89D15755ABB624E55949E44] (Creative Technology Ltd.) C:\Windows\System32\Drivers\OA001Afx.sys
2006-09-19 05:56 - 2006-09-19 05:56 - 000057656 ____A [70863135CFCCE7CC34B2C769044B937E] () C:\Windows\System32\Drivers\OA001PC.bmp
2007-02-02 10:01 - 2007-02-02 10:01 - 000022951 ____A [D58075C0ECCF5EE2A472FF80F5AF0916] () C:\Windows\System32\Drivers\OA001PC.jpg
2009-03-06 07:30 - 2009-03-06 07:30 - 000133632 ____A [2CF21D5F8F1B74BB1922135AC2B12DDB] (Creative Technology Ltd.) C:\Windows\System32\Drivers\OA001Ufd.sys
2009-03-08 17:06 - 2009-03-08 17:06 - 000280096 ____A [4075063D25AF9DA64101769854B83787] (Creative Technology Ltd.) C:\Windows\System32\Drivers\OA001Vid.sys
2018-05-02 07:57 - 2009-04-10 21:43 - 000062208 ____A [6F310E890D46E246E0E261A63D9B36B4] (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys
2018-05-02 07:57 - 2009-04-10 21:45 - 000072192 ____A [99514FAA8DF93D34B5589187DB3AA0BA] (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys
2006-11-02 01:51 - 2006-11-02 01:51 - 000079360 ____A [0FA9B5055484649D63C303FE404E5F4D] (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000054248 ____A [57389FA59A36D96B3EB09D0CB91E9CDC] (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2006-11-02 01:51 - 2006-11-02 01:51 - 000008704 ____A [4F9A6A8A31413180D0FCB279AD5D8112] (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000149480 ____A [941DC1D19E7E8620F40BBC206981EFDB] (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000016440 ____A [FC175F5DDAB666D7F4D17449A547626F] (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000043496 ____A [6429D10C5D149AC9EB2D95052A390CFF] (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys
2006-11-02 01:35 - 2006-11-02 02:51 - 000167528 ____A [E6F3FB1B86AA519E7698AD05E58B04E5] (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys
2006-11-02 02:04 - 2006-11-02 02:04 - 000878080 ____A [6349F6ED9C623B44B52EA3C63C831A92] (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2018-05-02 07:58 - 2009-04-10 21:42 - 000167936 ____A [218286724EC530FF252648369E05B090] (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2006-11-02 01:30 - 2008-01-20 19:23 - 000040960 ____A [2027293619DD0F047C584CF2E7DF4FFD] (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 001122360 ____A [0A6DB55AFB7820C99AA1F3A1D270F4F6] (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000106088 ____A [81A7E5C076E59995D54BC1ED3A16E60B] (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000031232 ____A [9F5E0E1926014D17486901C88ECA2DB7] (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000011776 ____A [147D7F9C556D259924351FEB0DE606C3] (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000076288 ____A [A214ADBAF4CB47DD2728859EF31F26B0] (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys
2018-05-02 07:57 - 2009-04-10 21:46 - 000041472 ____A [509A98DD18AF4375E1FC40BC175F1DEF] (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000062976 ____A [ECFFFAEC0C1ECD8DBC77F39070EA1DB1] (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys
2018-05-02 07:57 - 2009-04-10 21:46 - 000069120 ____A [2005F4A1E05FA09389AC85840F0A9E4D] (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys
2018-05-02 07:59 - 2009-04-10 21:14 - 000225280 ____A [B14C9D5B9ADD2F84F70570BBBFAA7935] (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000006144 ____A [89E59BE9A564262A3FB6C4F4F1CD9899] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys
2006-11-02 02:03 - 2008-01-20 19:23 - 000248832 ____A [FBC0BACD9C3D7F6956853F64A66E252D] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000006144 ____A [9D91FE5286F748862ECFFA05F8A0710C] (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys
2018-05-02 07:57 - 2009-04-10 21:51 - 000180736 ____A [30BFBDFB7F95559EDE971F9DDB9A00BA] (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2018-04-25 11:05 - 2008-02-15 18:01 - 000046592 ____A [C2EF513BBE069F0D4EE0938A76F975D3] (REDC) C:\Windows\System32\Drivers\rimmptsk.sys
2018-04-25 11:05 - 2007-07-30 10:42 - 000043008 ____A [C398BCA91216755B098679A8DA8A2300] (REDC) C:\Windows\System32\Drivers\rimsptsk.sys
2018-04-25 11:05 - 2007-07-30 11:54 - 000038400 ____A [2A2554CB24506E0A0508FC395C4A1B42] (REDC) C:\Windows\System32\Drivers\rixdptsk.sys
2018-05-02 07:57 - 2009-04-10 21:45 - 000113664 ____A [EEC7EE5675294B03E88AA868540007C1] (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2018-05-02 07:57 - 2009-04-10 21:46 - 000033280 ____A [D9225D107E40D0FA5C5069446759C8E9] (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000008192 ____A [75E8A6BFA7374ABA833AE92BF41AE4E6] (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000060416 ____A [9C508F4074A39E8B4B31D27198146FAD] (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys
2006-11-02 01:51 - 2006-11-02 02:50 - 000076392 ____A [3CE8F073A557E172B330109436984E30] (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000142904 ____A [6F5CA34AE885645ACF8A20D564DB976C] (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys
2018-05-02 07:58 - 2009-04-10 21:19 - 000089088 ____A [8F36B54688C31EED4580129040C6A3D3] (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2006-11-01 23:37 - 2006-11-01 23:37 - 000020480 ____A [90A3935D05B494A5A39D37E71F09A677] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys
2006-11-02 01:51 - 2006-11-02 01:51 - 000017920 ____A [68E44E331D46F0FB38F0863A84CD1A31] (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys
2006-11-02 01:51 - 2006-11-02 01:51 - 000083456 ____A [C70D69A918B178D3C3B06339B40C2E1B] (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000019968 ____A [8AF3D28A879BF75DB53A0EE7A4289624] (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000013312 ____A [3EFA810BDCA87F6ECC24F9832243FE86] (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000012288 ____A [E95D451F7EA3E583AEC75F3B3EE42DC5] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys
2006-11-02 01:51 - 2008-01-20 19:23 - 000011776 ____A [3D0EA348784B7AC9EA9BD9F317980979] (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2006-11-02 01:51 - 2006-11-02 01:51 - 000013312 ____A [46ED8E91793B2E6F848015445A0AC188] (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys
2006-11-02 01:35 - 2008-01-20 19:23 - 000055864 ____A [1D76624A09A054F682D746B924E2DBC3] (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS
2006-11-02 00:36 - 2008-01-20 19:23 - 000041016 ____A [43CB7AA756C7DB280D01DA9B676CFDE2] (Microsoft Corporation) C:\Windows\System32\Drivers\sisraid2.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000074808 ____A [A99C6C8B0BAA970D8AA59DDC50B57F94] (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys
2018-05-02 07:57 - 2009-04-10 21:45 - 000066560 ____A [7B75299A4D201D6A6533603D6914AB04] (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000017408 ____A [A7D7EA1771D2ED6F39A8063E79B6C3E8] (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000021048 ____A [7AEBDEEF071FE28B0EEF2CDD69102BFF] (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys
2018-05-02 08:00 - 2009-04-10 19:52 - 000684032 ____A [A7F8BAD9590ADDC425B4003E94780DFA] (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys
2018-04-25 17:57 - 2011-02-18 07:03 - 000305152 ____A [41987F9FC0E61ADF54F581E15029AD91] (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2018-04-25 17:55 - 2011-04-29 06:25 - 000146432 ____A [FF33AFF99564B1AA534F58868CBE41EF] (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2018-04-25 17:55 - 2011-04-29 06:25 - 000102400 ____A [7605C0E1D01A08F3ECD743F38B834A44] (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000122344 ____A [47E55AFE1ED1D5AFF09690DB226F4A7A] (Microsoft Corporation) C:\Windows\System32\Drivers\Storport.sys
2018-05-02 07:57 - 2009-04-10 21:42 - 000052992 ____A [70A92E46A2F459CDEDE3CA558CB26B6A] (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000015288 ____A [7BA58ECF0C0A9A69D44B3DCA62BECF56] (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys
2006-11-02 00:36 - 2006-11-02 02:49 - 000031848 ____A [8C8EB8C76736EBAF3B13B633B2E64125] (LSI Logic) C:\Windows\System32\Drivers\sym_hi.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000034920 ____A [8072AF52B5FD103BBBA387A1E49F62CB] (LSI Logic) C:\Windows\System32\Drivers\sym_u3.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000035944 ____A [192AA3AC01DF071B541094F251DEED10] (LSI Logic) C:\Windows\System32\Drivers\symc8xx.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000024576 ____A [1239FD18895040D97B7CDBC19BC2075E] (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys
2018-04-25 17:44 - 2010-06-16 09:04 - 000905088 ____A [A474879AFA4A596B3A531F3E69730DBF] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-04-25 17:44 - 2009-12-08 10:26 - 000030720 ____A [608C345A255D82A6289C2D468EB41FD7] (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000020992 ____A [77937EFF009AC696B90E09F671F9D0A4] (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000017920 ____A [5DCF5E267BE67A1AE926F2DF77FBCC56] (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000029184 ____A [389C63E32B3CEFED425B61ED92D3F021] (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2018-05-02 07:57 - 2009-04-10 21:45 - 000072192 ____A [76B06EB8A01FC8624D699E7045303E54] (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2018-05-02 07:58 - 2009-04-10 23:32 - 000053224 ____A [3CAD38910468EAB9A6479E2F01DB43C7] (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000023552 ____A [DCF0F056A2E4F52287264F5AB29CF206] (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2008-01-20 19:24 - 2008-01-20 19:24 - 000015360 ____A [CAECC0120AC49E3D2F758B9169872D38] (Microsoft Corporation) C:\Windows\System32\Drivers\TUNMP.SYS
2018-04-25 18:06 - 2010-02-18 04:28 - 000025088 ____A [300DB877AC094FEAB0BE7688C3454A9C] (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys
2006-11-02 01:35 - 2008-01-20 19:23 - 000059448 ____A [7D33C4DB2CE363C8518D2DFCF533941F] (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS
2018-05-02 07:57 - 2009-04-10 21:13 - 000226816 ____A [D9728AF68C4C7693CB100B8441CBDEC6] (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2006-11-02 01:35 - 2008-01-20 19:23 - 000060984 ____A [B0ACFDC9E4AF279E9116C03E014B2B27] (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS
2006-11-02 00:36 - 2008-01-20 19:23 - 000238648 ____A [9224BB254F591DE4CA8D572A5F0D635C] (ULi Electronics Inc.) C:\Windows\System32\Drivers\uliahci.sys
2006-11-02 00:36 - 2006-11-02 02:50 - 000098408 ____A [8514D0E5CD0534467C5FC61BE94A569F] (Promise Technology, Inc.) C:\Windows\System32\Drivers\ulsata.sys
2006-11-02 00:36 - 2008-01-20 19:23 - 000115816 ____A [38C3C6E62B157A6BC46594FADA45C62B] (Promise Technology, Inc.) C:\Windows\System32\Drivers\ulsata2.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000034816 ____A [32CFF9F809AE9AED85464492BF3E32D2] (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000007680 ____A [88BD96A1BAEED33EE8BDF9499C07A841] (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys
2018-05-02 07:57 - 2009-04-10 21:46 - 000015872 ____A [830D5D8456B822C1247C1E59B4C464FA] (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2018-05-02 07:58 - 2009-04-10 21:42 - 000025856 ____A [D06F193F3E9CC3B356DF97F6A43C054A] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys
2018-05-02 07:58 - 2009-04-10 21:42 - 000025856 ____A [EAE017D3AA298374A1967B96C379C5AB] (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000073216 ____A [CAF811AE4C147FFCD5B51750C7F09142] (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2006-11-02 01:55 - 2006-11-02 01:55 - 000068608 ____A [E9476E6C486E76BC4898074768FB7131] (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2008-01-20 19:23 - 2008-01-20 19:23 - 000005888 ____A [790FDAC6D0C762DF9047C3C625A6FF6C] (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2018-05-02 07:58 - 2009-04-10 21:42 - 000039936 ____A [79E96C23A97CE7B8F14D310DA2DB0C9B] (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2018-05-02 07:59 - 2009-04-10 21:43 - 000196096 ____A [4673BBCB006AF60E7ABDDBE7A130BA42] (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2006-11-02 01:55 - 2006-11-02 01:55 - 000019456 ____A [38DBC7DD6CC5A72011F187425384388B] (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
 
====== End of Folder: ======
 
 
========= Reg query "HKLM\SYSTEM\Select" =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0xb
 
 
 
========= End of Reg: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1390778279-201454918-2172237936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6812259 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 633900860 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 65960 B
LocalService => 66228 B
NetworkService => 0 B
Walt => 755912 B
 
RecycleBin => 0 B
EmptyTemp: => 619.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:18:50 ====




