Competitor has hacked emails [Closed]


  • This topic is locked

#1
wishlist1


Thank you for looking at my query.  I'm not the most techie person so apologies in advance :D .  Someone has put a RAT onto my system and is reading my emails and preventing me from receiving the majority of them.  He sends me a message from my own email address and replies to the comment that I sent him, gloating and stating how he likes to download my emails and how he is never going to stop until I give up on running my company.  It is just a start up and he is costing me jobs and if it continues I most probably will have to give up!

 

I've undertaken a little research myself and, using netstat, have identified port 135 as the likely port he has put the RAT on.  I've run Norton and downloaded Malwarebytes but it hasn't identified the Trojan.  I don't know how to remove the port and also I'm a little worried that I may have misidentified the port containing the Trojan.

 

Anyway, I've copied the data as requested, and once again thank you for your assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by karen (administrator) on COMPASS (19-08-2016 21:59:15)
Running from C:\Users\karen\Downloads
Loaded Profiles: karen (Available Profiles: karen)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe
(PC Drivers Headquarters) C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\Run: [Facebook Update] => C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-11] (Facebook Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
Startup: C:\Users\karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-08-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F3ED6550-E889-41C8-B8AA-6618B59E5DBD}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2798866812-108762286-1726297710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-2798866812-108762286-1726297710-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-2798866812-108762286-1726297710-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE07&ocid=UE07DHP
SearchScopes: HKU\S-1-5-21-2798866812-108762286-1726297710-1001 -> {58244424-2F50-4914-9EEC-19710C3052A1} URL =
SearchScopes: HKU\S-1-5-21-2798866812-108762286-1726297710-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000970&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2798866812-108762286-1726297710-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2798866812-108762286-1726297710-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2016-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-08-03] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-26] (BitRaider, LLC)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-06-02] (Symantec Corporation)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-08-04] (BitRaider)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\IPSDefs\20160818.001\IDSvia64.sys [876760 2016-07-08] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [89096 2016-01-08] (BlackBerry Limited)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.7.0.76\Definitions\SDSDefs\20160627.022\EX64.SYS [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\drivers\spaceport.sys B45AE0970B2D66CCE756DE6989E23EEC
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS 050509118EFE916DE0FE07ED1E9BB9DA
C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS 27382B6CF36D08783212FCF8B3691649
C:\Windows\System32\DRIVERS\srv.sys 69DC128CF54009A686E0F0C57E2BA0DC
C:\Windows\System32\DRIVERS\srv2.sys CED8576CD925E83ABEB14F65EA205C29
C:\Windows\System32\DRIVERS\srvnet.sys 4396587119D8F4B72561ED24666E7567
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\Windows\System32\drivers\stornvme.sys 0EDD1F4D470C775740625B06A60C9DD5
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS 6ADFA39058484ADECCCF159627DC987E
C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys 1DE0CBF15AC67AE0E5B456ADEFB89493
C:\windows\system32\Drivers\SYMEVENT64x86.SYS F612740A892E8F9E789A85DD92B51150
C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS 9458A37D3A38597FBF62F97E05B3170A
C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS 5A185256AE1689912B5EC53F69D53820
C:\Windows\System32\drivers\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163
C:\Windows\system32\DRIVERS\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys E0BD2D83875464FEEEB242CBA8B7E073
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\Windows\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\Windows\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\Windows\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86
C:\Windows\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB
C:\Windows\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE
C:\Windows\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130
C:\Windows\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8
C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0
C:\Windows\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 5DB4AFA10A488EC4DDB3DA09B0425BE5
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D
C:\Windows\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0
C:\Windows\system32\DRIVERS\vwififlt.sys 6B26AD573CCDD5209DF4397438B76354
C:\Windows\system32\DRIVERS\vwifimp.sys 0B48E0DFB44EE475F4FD8A8EE599AF30
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\drivers\WdBoot.sys 81285DDC994F03379DB46419300B2DCB
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\System32\drivers\WdFilter.sys 26B8FED3F3B85F5F0C4BD03FD00B9941
C:\Windows\System32\Drivers\WdNisDrv.sys CE67080F00E0AF32755096CEA6430ABA
C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\Windows\system32\DRIVERS\WinUsb.sys 3AF1FA17F1C4ACBDB660D8F98B1A9C13
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F
C:\Windows\system32\DRIVERS\WSDScan.sys 58035FD3369879E02D65989C44D27450
C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 21:53 - 2016-08-19 21:53 - 00038250 _____ C:\Users\karen\Downloads\Shortcut.txt
2016-08-19 21:51 - 2016-08-19 21:51 - 00000000 ____D C:\Users\karen\Desktop\New folder
2016-08-19 21:14 - 2016-08-19 21:53 - 00025779 _____ C:\Users\karen\Downloads\Addition.txt
2016-08-19 21:13 - 2016-08-19 21:59 - 00039370 _____ C:\Users\karen\Downloads\FRST.txt
2016-08-19 21:12 - 2016-08-19 21:59 - 00000000 ____D C:\FRST
2016-08-19 21:12 - 2016-08-19 21:58 - 02395648 _____ (Farbar) C:\Users\karen\Downloads\FRST64.exe
2016-08-19 21:04 - 2016-08-19 21:04 - 00000000 ___RD C:\Users\karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-08-18 12:32 - 2016-08-19 21:44 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 12:32 - 2016-08-18 12:32 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-18 12:32 - 2016-08-18 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-18 12:31 - 2016-08-18 12:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-18 12:31 - 2016-08-18 12:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-18 12:31 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-18 12:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-18 12:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-18 12:29 - 2016-08-18 12:29 - 22851472 _____ (Malwarebytes ) C:\Users\karen\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-08-18 12:28 - 2016-08-18 12:33 - 00393216 _____ (Malwarebytes ) C:\Users\karen\Downloads\mbam-setup-2.2.1.1043.exe.uj1mwg1.partial
2016-08-17 09:07 - 2016-08-18 10:46 - 00185102 _____ C:\WINDOWS\ntbtlog.txt
2016-08-16 14:44 - 2016-08-19 21:05 - 00003392 _____ C:\WINDOWS\System32\Tasks\Driver Detective
2016-08-16 14:29 - 2016-08-16 14:35 - 00000000 ____D C:\NPE
2016-08-16 14:26 - 2016-08-16 14:43 - 00000000 ____D C:\Users\karen\AppData\Local\NPE
2016-08-11 09:07 - 2016-06-18 21:06 - 00590688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-08-11 09:07 - 2016-06-18 21:06 - 00072408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-08-11 09:07 - 2016-06-11 20:52 - 00379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 09:07 - 2016-06-11 20:52 - 00057184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-11 09:07 - 2016-06-11 19:05 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpresult.exe
2016-08-11 09:07 - 2016-06-11 18:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-08-11 09:07 - 2016-06-11 17:50 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 09:07 - 2016-06-11 17:46 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-08-11 09:07 - 2016-06-11 17:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-08-11 09:07 - 2016-06-11 17:37 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-08-11 09:07 - 2016-06-11 17:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 09:07 - 2016-06-11 17:20 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-08-11 09:07 - 2016-06-11 17:16 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-08-11 09:07 - 2016-06-11 04:44 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-08-11 09:07 - 2016-06-11 04:44 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-08-11 09:07 - 2016-06-10 21:07 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-08-11 09:07 - 2016-06-10 21:03 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-08-11 09:07 - 2016-06-10 20:04 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 09:07 - 2016-06-10 19:11 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-11 09:07 - 2016-06-10 19:11 - 01487992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 09:07 - 2016-06-10 19:11 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 09:07 - 2016-06-10 19:11 - 00125024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2016-08-11 09:07 - 2016-06-10 19:10 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2016-08-11 09:07 - 2016-06-10 19:07 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-08-11 09:07 - 2016-06-10 19:04 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-08-11 09:07 - 2016-06-09 20:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-08-11 09:07 - 2016-06-09 19:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-08-11 09:07 - 2016-06-07 19:10 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hbaapi.dll
2016-08-11 09:07 - 2016-06-07 18:13 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-08-11 09:07 - 2016-06-04 01:38 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-08-11 09:07 - 2016-06-04 01:37 - 01970968 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-08-11 09:07 - 2016-05-29 08:08 - 22361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 09:07 - 2016-05-28 19:31 - 19788688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 09:07 - 2016-05-18 22:54 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2016-08-11 09:07 - 2016-05-18 22:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2016-08-11 09:07 - 2016-05-18 21:56 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-08-11 09:07 - 2016-05-18 21:28 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-08-11 09:07 - 2016-05-18 21:16 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-08-11 09:07 - 2016-05-14 21:26 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 09:07 - 2016-05-14 06:19 - 01134768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-08-11 09:07 - 2016-05-14 00:08 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-11 09:07 - 2016-05-14 00:08 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-11 09:07 - 2016-05-13 23:24 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-08-11 09:07 - 2016-05-13 22:42 - 03667968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 09:07 - 2016-05-13 22:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-08-11 09:07 - 2016-05-13 22:26 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-08-11 09:07 - 2016-05-13 22:26 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 09:07 - 2016-05-13 22:16 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 09:07 - 2016-05-12 19:36 - 00034600 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserAccountBroker.exe
2016-08-11 09:07 - 2016-05-12 18:39 - 00030984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserAccountBroker.exe
2016-08-11 09:07 - 2016-05-06 22:59 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-08-11 09:07 - 2016-05-06 18:13 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-08-11 09:07 - 2016-05-05 19:28 - 01661072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 09:07 - 2016-05-05 18:39 - 01212256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 09:07 - 2016-05-05 18:18 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-08-11 09:07 - 2016-05-05 18:02 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-08-11 09:07 - 2016-05-05 17:37 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-08-11 09:07 - 2016-05-05 17:34 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-08-11 09:07 - 2016-05-05 17:29 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-08-11 09:07 - 2016-04-16 14:56 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-08-11 09:07 - 2016-04-10 06:35 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-08-11 09:07 - 2016-04-09 23:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-08-11 09:07 - 2016-04-09 23:14 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Geolocation.dll
2016-08-11 09:07 - 2016-04-09 23:10 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-08-11 09:07 - 2016-04-09 23:09 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-08-11 09:07 - 2016-04-09 23:02 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-08-11 09:07 - 2016-04-09 22:59 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll
2016-08-11 09:07 - 2016-04-09 22:59 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-08-11 09:07 - 2016-04-09 22:56 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-08-11 09:07 - 2016-04-09 22:55 - 00881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-08-11 09:07 - 2016-04-09 22:52 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-08-11 09:07 - 2016-04-07 17:06 - 00927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-08-11 09:07 - 2016-04-06 22:21 - 00114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2016-08-11 09:07 - 2016-04-06 19:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 09:07 - 2016-04-06 19:17 - 18825216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 09:07 - 2016-04-06 17:25 - 15158272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 09:07 - 2016-04-05 23:37 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2016-08-11 09:07 - 2016-04-02 14:58 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-08-11 09:07 - 2016-04-01 18:40 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-08-11 09:07 - 2016-04-01 17:53 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-08-11 09:07 - 2016-04-01 17:50 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-08-11 09:07 - 2016-02-04 17:49 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-08-11 09:06 - 2016-05-18 21:33 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2016-08-11 09:06 - 2016-05-14 00:08 - 00032512 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-11 09:06 - 2016-05-13 22:30 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-08-11 09:06 - 2016-05-13 22:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-08-11 09:06 - 2016-05-13 22:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-08-11 09:06 - 2016-05-13 22:18 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-08-11 09:06 - 2016-05-13 22:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-08-11 09:06 - 2016-05-13 22:16 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-08-11 09:06 - 2016-05-05 16:28 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-08-11 09:06 - 2016-05-05 16:16 - 02464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-08-11 09:06 - 2016-02-04 17:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-08-11 09:06 - 2016-02-04 17:39 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-08-11 09:04 - 2016-07-08 15:18 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-11 09:02 - 2016-08-02 07:54 - 25808384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 09:02 - 2016-08-02 07:32 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 09:02 - 2016-08-02 07:18 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 09:02 - 2016-08-02 06:54 - 20343808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 09:02 - 2016-08-02 06:47 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 09:02 - 2016-08-02 06:28 - 15412224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 09:02 - 2016-08-02 06:23 - 02868224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 09:02 - 2016-08-02 06:11 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 09:02 - 2016-08-02 06:10 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 09:02 - 2016-08-02 05:56 - 02393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 09:02 - 2016-08-02 05:53 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 09:01 - 2016-08-02 07:31 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-08-11 09:01 - 2016-08-02 07:20 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-08-11 09:01 - 2016-08-02 07:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-08-11 09:01 - 2016-08-02 06:55 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-08-11 09:01 - 2016-08-02 06:51 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-08-11 09:01 - 2016-08-02 06:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-08-11 09:01 - 2016-08-02 06:41 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-08-11 09:01 - 2016-08-02 06:40 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-08-11 09:01 - 2016-08-02 06:39 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 09:01 - 2016-08-02 06:38 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 09:01 - 2016-08-02 06:38 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 09:01 - 2016-08-02 06:36 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 09:01 - 2016-08-02 06:21 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 09:01 - 2016-08-02 06:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-08-11 09:01 - 2016-08-02 06:15 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 09:01 - 2016-08-02 06:15 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 09:01 - 2016-08-02 06:14 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 09:01 - 2016-08-02 05:59 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 09:01 - 2016-08-02 05:51 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 09:01 - 2016-07-12 15:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 09:01 - 2016-07-09 01:09 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-08-11 09:01 - 2016-07-09 01:08 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-08-11 09:01 - 2016-07-08 15:32 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 09:01 - 2016-07-08 15:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 09:01 - 2016-07-08 15:22 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 09:01 - 2016-07-08 15:19 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-08-11 09:01 - 2016-07-08 15:17 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-08-11 09:01 - 2016-07-07 23:33 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-11 09:01 - 2016-07-07 22:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-08-11 09:01 - 2016-07-07 21:06 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-08-11 09:01 - 2016-07-06 15:26 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 09:01 - 2016-07-06 15:26 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-08-11 09:01 - 2016-07-06 15:23 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-08-11 09:01 - 2016-07-06 15:21 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 09:01 - 2016-05-19 00:18 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 09:01 - 2016-05-19 00:18 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-08-11 09:01 - 2016-05-19 00:16 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 09:01 - 2016-05-18 23:28 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-08-05 23:38 - 2016-08-05 23:38 - 00000000 ____D C:\Users\karen\AppData\Roaming\Atheros
2016-08-05 23:38 - 2016-08-05 23:38 - 00000000 ____D C:\Users\karen\AppData\Local\BMExplorer
2016-08-05 23:38 - 2016-08-05 23:38 - 00000000 ____D C:\ProgramData\Atheros
2016-08-05 23:00 - 2016-08-05 23:00 - 00003132 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-08-05 22:59 - 2016-08-05 23:00 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-05 22:59 - 2016-08-05 22:59 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-05 22:59 - 2016-08-05 22:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-05 22:59 - 2016-08-05 22:59 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-05 22:59 - 2016-08-05 22:59 - 00000000 ____D C:\Program Files\Realtek
2016-08-05 22:59 - 2013-10-02 21:37 - 03678680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-05 22:59 - 2013-10-02 17:28 - 02586840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2016-08-05 22:59 - 2013-10-02 17:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-05 22:59 - 2013-10-02 14:07 - 00653829 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-08-05 22:59 - 2013-10-02 14:04 - 33917440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-05 22:59 - 2013-10-01 18:17 - 00150744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-05 22:59 - 2013-09-28 00:50 - 00209096 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-08-05 22:59 - 2013-09-26 16:11 - 01021656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-05 22:59 - 2013-09-13 18:44 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-08-05 22:59 - 2013-09-10 04:02 - 06217904 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-08-05 22:59 - 2013-09-10 04:02 - 00313520 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-08-05 22:59 - 2013-09-10 04:01 - 01938608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-08-05 22:59 - 2013-09-10 04:01 - 00260272 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-08-05 22:59 - 2013-09-09 15:32 - 05681192 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-08-05 22:59 - 2013-08-20 20:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-05 22:59 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-08-05 22:59 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-08-05 22:59 - 2013-08-07 17:41 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-08-05 22:59 - 2013-08-06 09:47 - 00947248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-08-05 22:59 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-08-05 22:59 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-08-05 22:59 - 2013-07-23 15:40 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-08-05 22:59 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-08-05 22:59 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-08-05 22:59 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-05 22:59 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-05 22:59 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-08-05 22:59 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-08-05 22:59 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-08-05 22:59 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-08-05 22:59 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-08-05 22:59 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-08-05 22:59 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-05 22:59 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-05 22:59 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-08-05 22:59 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-08-05 22:59 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-08-05 22:59 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-08-05 22:59 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-08-05 22:59 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-08-05 22:59 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-05 22:59 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-08-05 22:59 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-08-05 22:59 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-08-05 22:59 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-08-05 22:59 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-08-05 22:59 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-08-05 22:55 - 2013-08-28 00:44 - 00085828 ____N C:\WINDOWS\system32\athwbx.cat
2016-08-05 22:55 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2016-08-05 22:55 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2016-08-05 22:54 - 2016-08-05 22:54 - 00000000 ____D C:\Program Files\Elantech
2016-08-05 22:54 - 2013-07-26 15:07 - 00827096 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2016-08-05 22:54 - 2013-07-26 15:07 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-08-05 22:53 - 2016-08-05 22:54 - 00005310 _____ C:\IFRToolLog.txt
2016-08-05 22:49 - 2016-08-05 23:38 - 00000000 ____D C:\Users\karen\Documents\Bluetooth Folder
2016-08-05 22:48 - 2016-08-05 22:51 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-08-05 22:48 - 2016-08-05 22:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2016-08-05 22:48 - 2016-08-05 22:49 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2016-08-05 22:46 - 2016-08-05 22:47 - 00000000 ____D C:\WINDOWS\RSTLog
2016-08-05 22:46 - 2013-09-16 12:20 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2016-08-05 22:45 - 2016-08-05 23:42 - 00000000 ____D C:\ProgramData\Intel
2016-08-05 22:45 - 2016-08-05 22:47 - 00000000 ____D C:\Program Files\Intel
2016-08-05 22:44 - 2016-08-05 22:44 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-08-05 22:43 - 2016-08-05 22:43 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
2016-08-05 22:43 - 2016-08-05 22:43 - 00002039 _____ C:\Users\Public\Desktop\Online Support(S Service).lnk
2016-08-05 22:43 - 2016-08-05 22:43 - 00000000 ____D C:\Users\karen\AppData\Roaming\Samsung
2016-08-05 22:43 - 2016-08-05 22:43 - 00000000 ____D C:\Program Files\DIFX
2016-08-05 22:42 - 2016-08-05 22:42 - 00002044 _____ C:\Users\Public\Desktop\Settings.lnk
2016-08-05 22:42 - 2014-01-29 13:20 - 00024968 _____ (Samsung Electronics Co. Ltd.) C:\WINDOWS\SysWOW64\wsabi.dll
2016-08-05 22:42 - 2014-01-29 13:20 - 00008072 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\wmof64.dll
2016-08-05 14:46 - 2016-08-06 00:03 - 00001910 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2016-08-04 00:36 - 2016-08-04 00:36 - 00000000 ____D C:\Users\karen\Documents\HeroBlade Logs
2016-08-04 00:36 - 2016-08-04 00:36 - 00000000 ____D C:\Users\karen\AppData\Local\SWTOR
2016-07-18 13:21 - 2016-05-25 14:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-18 13:21 - 2016-05-25 14:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-18 13:21 - 2016-05-25 14:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-18 13:21 - 2016-05-25 14:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-16 19:55 - 2016-06-25 21:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-16 19:55 - 2016-06-22 14:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-16 19:55 - 2016-06-21 14:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-13 16:03 - 2016-06-25 19:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-13 16:03 - 2016-06-25 17:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-13 16:03 - 2016-06-25 17:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-13 16:03 - 2016-06-25 17:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-13 16:03 - 2016-06-25 17:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-13 16:03 - 2016-06-21 19:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-13 16:03 - 2016-06-21 15:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-13 16:03 - 2016-06-11 20:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-13 16:03 - 2016-01-30 20:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-13 16:03 - 2016-01-30 20:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-13 16:03 - 2016-01-30 19:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-13 16:03 - 2016-01-30 19:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-13 16:03 - 2016-01-30 18:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-13 16:03 - 2016-01-30 18:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-13 16:02 - 2016-06-11 18:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-13 16:02 - 2016-06-11 18:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-13 16:02 - 2016-06-11 18:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-13 16:02 - 2016-06-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-13 16:02 - 2016-06-11 17:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-13 16:02 - 2016-06-11 17:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-30 15:46 - 2016-06-30 15:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-06-30 15:38 - 2016-06-30 15:38 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-06-30 15:38 - 2016-06-30 15:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-06-21 16:25 - 2016-07-02 05:29 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-21 16:25 - 2016-07-02 05:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 14:31 - 2016-04-12 16:46 - 14467584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 14:31 - 2016-04-12 16:30 - 12879872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 14:18 - 2016-01-31 20:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-06-15 14:18 - 2016-01-31 19:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-06-15 14:17 - 2016-06-03 18:11 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-06-15 11:32 - 2016-05-18 06:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 11:32 - 2016-05-18 06:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 11:32 - 2016-05-14 00:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 11:32 - 2016-05-14 00:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 11:32 - 2016-05-14 00:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 11:32 - 2016-05-14 00:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 11:32 - 2016-05-13 23:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 11:32 - 2016-05-12 19:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 11:32 - 2016-05-12 18:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-15 11:32 - 2016-05-12 17:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 11:32 - 2016-05-12 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 11:32 - 2016-05-12 17:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 11:32 - 2016-05-12 16:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 11:32 - 2016-05-12 16:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 11:32 - 2016-05-12 16:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 11:32 - 2016-05-06 16:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 11:32 - 2016-05-06 16:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 11:30 - 2016-05-19 00:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 11:30 - 2016-05-18 21:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 11:30 - 2016-05-14 21:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 11:30 - 2016-05-14 21:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 11:30 - 2016-05-14 00:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 11:30 - 2016-05-13 22:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 11:30 - 2016-05-13 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-05-31 16:53 - 2016-06-02 20:11 - 00000000 ____D C:\Users\karen\Documents\Callum IGNORE

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 21:27 - 2013-10-02 15:14 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2798866812-108762286-1726297710-1001
2016-08-19 21:18 - 2015-12-16 15:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-08-19 21:07 - 2015-06-24 14:51 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{35D268C4-3BF7-4AC8-927C-3050817993BD}
2016-08-19 21:04 - 2015-06-24 14:27 - 00000000 ___RD C:\Users\karen\OneDrive
2016-08-19 16:45 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-19 16:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-19 16:38 - 2013-10-02 15:55 - 00000000 ____D C:\Users\karen\Documents\Outlook Files
2016-08-19 16:37 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-19 12:31 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-19 12:00 - 2013-12-11 21:55 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001UA.job
2016-08-18 13:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-18 12:51 - 2014-01-15 19:12 - 00000000 ____D C:\ProgramData\APN
2016-08-17 10:30 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-16 14:44 - 2014-01-15 19:13 - 00004374 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMScan
2016-08-16 14:44 - 2014-01-15 19:13 - 00003842 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMUpdater
2016-08-16 14:44 - 2014-01-15 19:13 - 00003826 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMRules
2016-08-16 14:44 - 2014-01-15 19:13 - 00000000 ____D C:\ProgramData\UAB
2016-08-16 14:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-16 14:26 - 2013-10-04 10:46 - 00000000 ____D C:\ProgramData\Norton
2016-08-16 14:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-08-16 10:23 - 2013-10-04 11:18 - 00000000 ____D C:\Users\karen\AppData\Local\CrashDumps
2016-08-14 21:00 - 2013-12-11 21:55 - 00000922 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001Core.job
2016-08-13 20:38 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-13 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-12 12:04 - 2013-08-22 15:44 - 00410416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-12 12:00 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-08-12 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-12 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-11 09:10 - 2013-10-03 10:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 09:07 - 2013-10-03 10:52 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-11 09:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-05 23:42 - 2015-06-24 12:58 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-05 23:42 - 2014-11-22 02:01 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-05 22:59 - 2012-11-02 00:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-05 22:59 - 2012-11-02 00:06 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-05 22:57 - 2012-11-02 00:07 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2016-08-05 22:43 - 2012-11-02 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-08-05 22:43 - 2012-11-02 00:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-08-04 04:33 - 2014-07-26 10:20 - 00000000 _____ C:\end
2016-08-03 23:24 - 2014-07-26 10:33 - 00000000 ____D C:\ProgramData\BitRaider
2016-07-27 22:51 - 2014-12-27 15:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-22 17:23 - 2015-06-24 13:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-22 17:23 - 2015-06-24 13:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-22 17:18 - 2014-11-22 01:45 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2016-08-05 22:59 - 2016-08-05 22:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-03 09:45 - 2013-02-21 17:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2015-02-03 09:45 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
C:\Users\karen\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {1d368fb9-24fe-11e2-be68-806e6f6e6963}
                        {1d368faf-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb2-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb3-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb5-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb6-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb7-24fe-11e2-be68-806e6f6e6963}
                        {1d368fb8-24fe-11e2-be68-806e6f6e6963}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-GB
inherit                 {globalsettings}
default                 {current}
resumeobject            {651602a6-248b-11e2-9c53-e8039a34e4cf}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {1d368faf-24fe-11e2-be68-806e6f6e6963}
description             Setup

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb0-24fe-11e2-be68-806e6f6e6963}
description             Boot Menu

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb1-24fe-11e2-be68-806e6f6e6963}
description             Recovery

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb2-24fe-11e2-be68-806e6f6e6963}
description             SATA HDD:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb3-24fe-11e2-be68-806e6f6e6963}
description             SATA CD:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb4-24fe-11e2-be68-806e6f6e6963}
description             CD-ROM:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb5-24fe-11e2-be68-806e6f6e6963}
description             USB CD:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb6-24fe-11e2-be68-806e6f6e6963}
description             USB FDD:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb7-24fe-11e2-be68-806e6f6e6963}
description             USB HDD:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb8-24fe-11e2-be68-806e6f6e6963}
description             NETWORK:

Firmware Application (101fffff)
-------------------------------
identifier              {1d368fb9-24fe-11e2-be68-806e6f6e6963}
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {65160297-248b-11e2-9c53-e8039a34e4cf}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{65160298-248b-11e2-9c53-e8039a34e4cf}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{65160298-248b-11e2-9c53-e8039a34e4cf}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8.1
locale                  en-GB
inherit                 {bootloadersettings}
recoverysequence        {651602a8-248b-11e2-9c53-e8039a34e4cf}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {651602a6-248b-11e2-9c53-e8039a34e4cf}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 No

Windows Boot Loader
-------------------
identifier              {651602a8-248b-11e2-9c53-e8039a34e4cf}
device                  ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{651602a9-248b-11e2-9c53-e8039a34e4cf}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{651602a9-248b-11e2-9c53-e8039a34e4cf}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {65160299-248b-11e2-9c53-e8039a34e4cf}
device                  partition=C:
path                    \windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {65160297-248b-11e2-9c53-e8039a34e4cf}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {651602a6-248b-11e2-9c53-e8039a34e4cf}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {651602a8-248b-11e2-9c53-e8039a34e4cf}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-GB
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}
badmemorylist           0x10007

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {65160298-248b-11e2-9c53-e8039a34e4cf}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {651602a5-248b-11e2-9c53-e8039a34e4cf}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {651602a9-248b-11e2-9c53-e8039a34e4cf}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2016-08-19 21:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by karen (19-08-2016 21:59:38)
Running from C:\Users\karen\Downloads
Windows 8.1 (Update) (X64) (2015-06-24 13:24:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2798866812-108762286-1726297710-500 - Administrator - Disabled)
Guest (S-1-5-21-2798866812-108762286-1726297710-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2798866812-108762286-1726297710-1003 - Limited - Enabled)
karen (S-1-5-21-2798866812-108762286-1726297710-1001 - Administrator - Enabled) => C:\Users\karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Banished v1.0.0 64-bit (HKLM\...\{72C32B02-0B78-45F8-8528-2C93F62A7B47}) (Version: 1.0.0 - Shining Rock Software LLC)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
Driver Detective (HKLM-x32\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
ETDWare X64 11.7.18.2_WHQL (HKLM\...\Elantech) (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.22 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0076D6DB-CD07-4338-AC61-003144EAAA5C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-06-17] (Symantec Corporation)
Task: {25597DAC-80A6-488C-AEC4-608FECB05A74} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001UA => C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: {33995079-70AA-4576-8255-A598FC0E50A0} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {524C2E24-4330-4419-854B-80146B226236} - System32\Tasks\Driver Detective-RTMScanRunOnce => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {537EDA34-BCDE-4B8E-B7AF-9488C752B801} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {6B8C995E-DE0E-451A-9FD2-1BFE2B7A8A9D} - System32\Tasks\Driver Detective => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {8178FF78-ED68-443E-B5DB-23D1929F3C89} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {9C4652F6-2887-4C59-96A3-8352340A64DB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {AFBBBA2E-379C-4FF0-A0A3-18EC80366BAE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001Core => C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: {B036A33E-FA47-44BD-B287-78FCB7572FB6} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {BADC428E-A86C-4B4D-9B90-9AE544C620A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-17] (Symantec Corporation)
Task: {C86848DC-52EA-48D5-BE78-72A4088A9855} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {C9B07908-321E-483D-8A11-0B4F117AE08B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E63965F3-3340-4179-BA50-E2BF9D950400} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F4F35A2A-4D52-430C-AA39-0873E6FB815A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {F5C52E10-A7CA-4A5C-B4E5-17A6CAE29A03} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {F93512DD-8A03-43AC-9509-DCF2AC8734B1} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001Core.job => C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2798866812-108762286-1726297710-1001UA.job => C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-08-16 14:44 - 2016-08-16 14:44 - 00369792 _____ () C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\Agent.Common.XmlSerializers.dll
2013-09-19 10:30 - 2016-08-16 14:43 - 00817280 _____ () C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\ThemePack.Default.dll
2013-09-19 10:31 - 2016-08-16 14:43 - 00496768 _____ () C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\Agent.Communication.XmlSerializers.dll
2013-09-25 03:04 - 2013-09-25 03:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 03:01 - 2013-09-25 03:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 03:08 - 2013-09-25 03:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-29 23:02 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-08-05 22:44 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798866812-108762286-1726297710-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EF5864EC-76B0-4363-9369-7C2EC030CA5D}] => (Allow) C:\Users\karen\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FA2F27EB-5FAB-43EE-BFA9-4104A48DC246}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{561C4074-9AEB-448A-9908-CBC578BDA869}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{9B419A32-F13F-4415-A6FD-A203DB4174C1}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C490084A-FBE8-4BE4-8F7F-A8E16F7EE5C0}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{F4CCCBDC-CE17-4BE3-B3F0-D9F459D39356}] => (Allow) C:\Users\karen\AppData\Local\Temp\7zS5C58.tmp\SymNRT.exe
FirewallRules: [{C6A80270-BC44-487B-86BF-7CA769074E62}] => (Allow) C:\Users\karen\AppData\Local\Temp\7zS5C58.tmp\SymNRT.exe

==================== Restore Points =========================

04-08-2016 04:23:50 Scheduled Checkpoint
05-08-2016 14:44:53 Installed Samsung Update
11-08-2016 09:04:16 Windows Update
17-08-2016 10:29:22 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2016 04:40:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7172.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d1fa2fb2179423

Termination Time: 19

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 26fc9570-6623-11e6-bef2-50b7c3f8c018

Faulting package full name:

Faulting package-relative application ID:

Error: (08/19/2016 11:56:10 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2016 11:20:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1838

Start Time: 01d1f9805ee9ba24

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 80cc917e-65f6-11e6-bef1-50b7c3f8c018

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/18/2016 12:00:05 PM) (Source: Google Update) (EventID: 20) (User: COMPASS)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http s

Error: (08/18/2016 11:21:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SWMAgent.exe, version: 2.2.7.24, time stamp: 0x573310de
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000005
Fault offset: 0x0001dd93
Faulting process ID: 0x6b0
Faulting application start time: 0xSWMAgent.exe0
Faulting application path: SWMAgent.exe1
Faulting module path: SWMAgent.exe2
Report ID: SWMAgent.exe3
Faulting package full name: SWMAgent.exe4
Faulting package-relative application ID: SWMAgent.exe5

Error: (08/18/2016 09:00:05 AM) (Source: Google Update) (EventID: 20) (User: COMPASS)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http s

Error: (08/16/2016 01:38:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b88

Start Time: 01d1f7ba69c9a7a5

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5dc3eede-63ae-11e6-beed-50b7c3f8c018

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/16/2016 10:23:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.17.3.7808, time stamp: 0x5744a963
Faulting module name: so.dll_unloaded, version: 21.17.3.7808, time stamp: 0x5744a959
Exception code: 0xc0000005
Fault offset: 0x00004170
Faulting process ID: 0x11b4
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report ID: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (08/16/2016 10:23:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Toolbar.exe, version: 21.17.3.7808, time stamp: 0x5744a963
Faulting module name: so.dll_unloaded, version: 21.17.3.7808, time stamp: 0x5744a959
Exception code: 0xc0000005
Fault offset: 0x00004170
Faulting process ID: 0x874
Faulting application start time: 0xToolbar.exe0
Faulting application path: Toolbar.exe1
Faulting module path: Toolbar.exe2
Report ID: Toolbar.exe3
Faulting package full name: Toolbar.exe4
Faulting package-relative application ID: Toolbar.exe5

Error: (08/16/2016 09:28:17 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

System errors:
=============
Error: (08/18/2016 11:24:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SW Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/18/2016 11:21:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SWUpdateService service.

Error: (08/18/2016 11:20:10 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2016 11:18:02 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2016 11:17:25 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2016 11:17:25 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2016 11:17:25 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2016 11:17:25 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/18/2016 11:17:21 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/18/2016 11:17:09 AM) (Source: DCOM) (EventID: 10005) (User: COMPASS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 5843.54 MB
Available physical RAM: 3758.96 MB
Total Virtual: 8147.54 MB
Available Virtual: 5815.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:905.82 GB) (Free:830.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B48BC19)

Partition: GPT.

==================== End of Addition.txt ============================

 

 


  • 1


#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi wishlist1,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described.  I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.  If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.   We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.  All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.  If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.  Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.  Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab.  Thank you.

Let's get started....


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Driver Detective

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Please move the FRST64.exe file from Downloads to your desktop.  The file is located in C:\Users\karen\Downloads.  Right click on the file and select CUT.  Then go to your desktop, right click on a blank spot and select PASTE.  FRST64.exe should now be on your desktop; we will remove this and any other tools from your desktop when we are finished.

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
Task: {33995079-70AA-4576-8255-A598FC0E50A0} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {524C2E24-4330-4419-854B-80146B226236} - System32\Tasks\Driver Detective-RTMScanRunOnce => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {537EDA34-BCDE-4B8E-B7AF-9488C752B801} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {6B8C995E-DE0E-451A-9FD2-1BFE2B7A8A9D} - System32\Tasks\Driver Detective => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {8178FF78-ED68-443E-B5DB-23D1929F3C89} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {F93512DD-8A03-43AC-9509-DCF2AC8734B1} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxps://apps.driversupport.com
2016-08-05 22:59 - 2016-08-05 22:59 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-16 14:44 - 2014-01-15 19:13 - 00004374 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMScan
2016-08-16 14:44 - 2014-01-15 19:13 - 00003842 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMUpdater
2016-08-16 14:44 - 2014-01-15 19:13 - 00003826 _____ C:\WINDOWS\System32\Tasks\Driver Detective-RTMRules
2016-08-16 14:44 - 2014-01-15 19:13 - 00000000 ____D C:\ProgramData\UAB
C:\Program Files (x86)\PC Drivers HeadQuarters
C:\Users\karen\AppData\Local\Temp\uninstall.exe
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Start FRST that is on the desktop by double clicking on the file.  If the UAC prompt appears, please allow the program to run.  Once loaded, wait for the tool to inform you it is ready to use and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Information to Reply with >>>>


  • How did the uninstall go?  Any problems or errors?
  • The Fixlog.txt file text posted.
  • Any questions or concerns you have.  How is the system running now?

 

 


  • 0
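The notice in the post above says the fixlist was written for one particular machine. As an added example (not part of the thread and not FRST's own code), this Python script sorts a fixlist's lines into directives, commands, bare paths and log-copied entries, and checks that each log-copied entry occurs in the scan log it is meant to come from. The function names and the `ExampleTask` line are assumptions made for illustration; the other sample lines are copied from this page.

```python
import re

# Directives exactly as they appear in the fixlist on this page (case-insensitive).
BARE_DIRECTIVES = {"start", "end", "createrestorepoint:", "closeprocesses:",
                   "removeproxy:", "emptytemp:", "reboot:"}
COMMAND_PREFIXES = ("cmd:", "reg:")
# Line shapes that FRST prints in its logs. A fixlist copy of one of these
# should match a log line character for character (whitespace aside).
LOG_ENTRY = re.compile(
    r"^(Task:|IE trusted site:|FirewallRules:|BHO(-x32)?:"
    r"|\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - )")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def normalize(line):
    """Collapse whitespace so copy/paste spacing differences do not matter."""
    return " ".join(line.split())


def classify(line):
    """Return the kind of a single fixlist line."""
    text = normalize(line)
    lowered = text.lower()
    if lowered in BARE_DIRECTIVES:
        return "directive"
    if lowered.startswith(COMMAND_PREFIXES):
        return "command"
    if LOG_ENTRY.match(text):
        return "log_entry"
    if BARE_PATH.match(text):
        return "path"
    return "unknown"


def review_fixlist(fixlist_text, log_text):
    """Group fixlist lines by kind; split log-copied entries into matched/unmatched."""
    log_lines = {normalize(l) for l in log_text.splitlines() if l.strip()}
    report = {k: [] for k in
              ("directive", "command", "path", "matched", "unmatched", "unknown")}
    for raw in fixlist_text.splitlines():
        if not raw.strip():
            continue
        kind = classify(raw)
        if kind == "log_entry":
            kind = "matched" if normalize(raw) in log_lines else "unmatched"
        report[kind].append(normalize(raw))
    return report


# Four lines copied from the Addition.txt log on this page.
SAMPLE_LOG = r"""
Task: {33995079-70AA-4576-8255-A598FC0E50A0} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {8178FF78-ED68-443E-B5DB-23D1929F3C89} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {9C4652F6-2887-4C59-96A3-8352340A64DB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxp://apps.driversupport.com
"""

# A shortened copy of the page's fixlist. The ExampleTask line is constructed
# for this example to show an entry that does not belong to this machine's log.
SAMPLE_FIXLIST = r"""
Start
CreateRestorePoint:
Task: {33995079-70AA-4576-8255-A598FC0E50A0} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2016-08-16] (PC Drivers Headquarters)
Task: {8178FF78-ED68-443E-B5DB-23D1929F3C89} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => C:\Example\example.exe
IE trusted site: HKU\S-1-5-21-2798866812-108762286-1726297710-1001\...\driversupport.com -> hxxp://apps.driversupport.com
C:\Program Files (x86)\PC Drivers HeadQuarters
cmd: ipconfig /flushdns
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Reboot:
end
"""

if __name__ == "__main__":
    result = review_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    for kind, lines in result.items():
        print(f"{kind}: {len(lines)}")
        for entry in lines:
            print(f"    {entry}")
```

An unmatched entry is not necessarily wrong: it may come from the other FRST log rather than the one supplied, so compare against both before drawing a conclusion.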

#3
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





