Proxy server virus windows 10

proxy windows 10 virus


#1
Supermatt01

Hello, you all helped me once before to get rid of this virus, but now I have it on another machine running Windows 10. I'm pasting the scan results below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by axioo (administrator) on SUPERLITE01 (31-01-2017 14:03:30)
Running from C:\Users\axioo\Desktop
Loaded Profiles: axioo (Available Profiles: axioo)
Platform: Microsoft Windows 10 Home Single Language Version 1511 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) D:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-30] (Intel Corporation)
HKLM\...\Run: [ZAM] => D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)
HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\Run: [GoogleChromeAutoLaunch_6D5FAFE76E7B8F5F074A15E9348D3D0B] => D:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-01-25] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{902cb5f3-005d-4eec-a7b8-7173bc339658}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ee634c6c-f4c3-45be-97cd-f1135cfa0d39}: [DhcpNameServer] 140.0.223.250 111.94.159.250 61.247.0.133

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> D:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default [2017-01-31]
CHR Extension: (Google Slides) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31]
CHR Extension: (Beatlab) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2017-01-31]
CHR Extension: (Google Docs) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-31]
CHR Extension: (Google Drive) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (DuckDuckGo Search) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-01-31]
CHR Extension: (Audiotool) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-01-31]
CHR Extension: (YouTube) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Dragon Web Extension) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2017-01-31]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-31]
CHR Extension: (AdBlock) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Tab Cookies) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2017-01-31]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2017-01-31]
CHR Extension: (Ghostery) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31]
CHR Extension: (Gmail) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-30] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-30] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-30] (Intel Corporation)
S2 gupdate; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
S3 gupdatem; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
R2 HitmanProScheduler; D:\Program Files\HitmanPro\hmpsched.exe [106280 2017-01-31] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
S3 WMPNetworkSvc; D:\Program Files\Windows Media Player\wmpnetwk.exe [1186816 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2015-11-10] () [File not signed]
R3 BthMini; C:\WINDOWS\system32\DRIVERS\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel® Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [55816 2015-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [59392 2015-06-24] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [85000 2015-06-24] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [203264 2015-06-24] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [467968 2015-06-24] (Intel Corporation)
R3 gc0310; C:\WINDOWS\System32\drivers\gc0310.sys [102440 2015-09-06] (Intel® Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-06-27] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277256 2015-06-13] (Intel® Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-27] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R1 MpKsleb36ea40; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B16DCE3-B264-4857-A3C4-1960E8D48BE7}\MpKsleb36ea40.sys [39168 2017-01-31] (Microsoft Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [3933400 2015-10-08] (Realtek Semiconductor Corporation )
R3 SileadTouch; C:\WINDOWS\System32\drivers\SileadTouch.sys [82944 2014-11-06] ()
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
R3 unicam; C:\WINDOWS\System32\drivers\ov2680.sys [91696 2015-10-20] (Intel® Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-01-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-31] (Zemana Ltd.)

========================== Drivers MD5 =======================
A6DC318DD7135250BCB7583E10F82E28 C:\WINDOWS\System32\DRIVERS\wanarp.sys A6DC318DD7135250BCB7583E10F82E28 C:\WINDOWS\System32\drivers\WdBoot.sys 9437CE842271C16F6CBF77BCF0EC189F C:\WINDOWS\System32\drivers\Wdf01000.sys 4DC928F02FA315F4B08A151F8F8A7CF8 C:\WINDOWS\System32\drivers\WdFilter.sys 0CC824E96F998502830AC9AA6F5040BF C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 80E34787D7AB9C4B24388BAA76D9A2D1 C:\WINDOWS\System32\Drivers\WdNisDrv.sys 9D2129AA0B3E8CAB551E80E729B5A059 C:\WINDOWS\System32\drivers\wfplwfs.sys 4908DA33D0EBE5868706F0205B241C3B C:\WINDOWS\System32\drivers\wimmount.sys 9E649CA7603DFE8ABB69568524A616BF C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys D12B86DACE4F869F17DBFF9D7D6FB10F C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys E0AC5561C8DD901E34F0B58A509E6049 C:\WINDOWS\System32\drivers\WinUSB.SYS 131719A42F88CD20E6341C65A918AD3B C:\WINDOWS\System32\drivers\wmbclass.sys E87F8F0C4EF1117E992B148BCD57FAAD C:\WINDOWS\System32\drivers\wmiacpi.sys 013D1BA8ECA6EC3F07E261EA27F12C33 C:\WINDOWS\system32\Drivers\Wof.sys FD5BC5B3215BABB14F58846659B8F3E9 C:\WINDOWS\System32\DRIVERS\wpcfltr.sys 89A5B1F5BC56D9B2D4EFD930806D74EA C:\WINDOWS\System32\drivers\WpdUpFltr.sys E2CAC0E886E5DE934794E1BF9E241397 C:\WINDOWS\system32\drivers\ws2ifsl.sys 9EA6A73D56202174FA6BB091770ADB6C C:\WINDOWS\System32\drivers\WudfPf.sys CD8E310F1D88BD14F6D52664BBDD2367 C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F C:\WINDOWS\System32\drivers\xboxgip.sys 25787766F0482077E263CE619EB67594 C:\WINDOWS\System32\drivers\xinputhid.sys B534D7D556C86616DE06E3B6BDFD7675 C:\WINDOWS\System32\drivers\zam32.sys 06897B431C07886454E0681723DD53E6 C:\WINDOWS\System32\drivers\zamguard32.sys 06897B431C07886454E0681723DD53E6 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be 
removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 14:03 - 2017-01-31 14:04 - 00037863 _____ C:\Users\axioo\Desktop\FRST.txt
2017-01-31 13:58 - 2017-01-31 13:58 - 08892800 _____ C:\Users\axioo\Downloads\Unconfirmed 889857.crdownload
2017-01-31 13:49 - 2017-01-31 14:03 - 00000000 ____D C:\FRST
2017-01-31 13:41 - 2017-01-31 13:49 - 01762816 _____ (Farbar) C:\Users\axioo\Desktop\FRST.exe
2017-01-31 13:41 - 2017-01-31 13:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\axioo\Downloads\HiJackThis.exe
2017-01-31 11:59 - 2017-01-31 11:59 - 00001841 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D D:\Program Files\HitmanPro
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-31 11:32 - 2017-01-31 12:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 11:29 - 2017-01-31 11:32 - 09096848 _____ (SurfRight B.V.) C:\Users\axioo\Downloads\HitmanPro.exe
2017-01-31 11:23 - 2017-01-31 11:24 - 04015056 _____ C:\Users\axioo\Downloads\adwcleaner_6.043.exe
2017-01-31 11:22 - 2017-01-31 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-31 10:56 - 2017-01-31 14:03 - 00246420 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-31 10:56 - 2017-01-31 14:03 - 00037842 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00001830 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D D:\Program Files\Zemana AntiMalware
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-31 10:55 - 2017-01-31 10:55 - 00000000 ____D C:\Users\axioo\AppData\Local\Zemana
2017-01-31 10:53 - 2017-01-31 10:54 - 05510592 _____ ( ) C:\Users\axioo\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-31 10:47 - 2017-01-31 10:48 - 00003388 _____ C:\Users\axioo\Desktop\Rkill.txt
2017-01-31 10:47 - 2017-01-31 10:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\axioo\Downloads\rkill.exe
2017-01-31 09:39 - 2017-01-31 10:01 - 00345690 _____ C:\WINDOWS\ntbtlog.txt
2017-01-31 09:39 - 2017-01-31 09:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-31 09:34 - 2017-01-31 09:34 - 00000000 ____D C:\Users\axioo\AppData\Local\ElevatedDiagnostics
2017-01-31 09:23 - 2017-01-31 09:23 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-01-31 09:22 - 2017-01-31 09:22 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-01-31 09:12 - 2017-01-31 09:13 - 01429344 _____ (Microsoft Corporation) C:\Users\axioo\Downloads\NDP462-KB3151802-Web.exe
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 08:38 - 2017-01-31 13:43 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-31 08:38 - 2017-01-31 12:17 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-31 08:38 - 2017-01-31 09:21 - 00000000 ____D C:\Users\axioo\AppData\Local\Google
2017-01-31 08:38 - 2017-01-31 08:40 - 00000000 ____D D:\Program Files\Google
2017-01-31 08:37 - 2017-01-31 08:37 - 01065376 _____ (Google Inc.) C:\Users\axioo\Downloads\ChromeSetup.exe
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\Intel
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\DIFX
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Portable Devices
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Photo Viewer
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows NT
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Multimedia Platform
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Journal
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Defender
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\REALTEK SD Wireless LAN Driver
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Bonjour
2017-01-31 08:26 - 2017-01-31 08:26 - 00000000 ____D D:\Program Files\REALTEK
2017-01-30 12:39 - 2017-01-31 07:42 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-01-30 12:18 - 2017-01-31 12:14 - 00000000 ____D D:\Program Files\EqualizerAPO
2017-01-30 12:17 - 2017-01-30 12:17 - 06888519 _____ C:\Users\axioo\Downloads\EqualizerAPO32-1.1.2.exe
2017-01-30 10:49 - 2017-01-30 10:49 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Temp
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\Users\Public\Desktop\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:53 - 2017-01-30 09:55 - 00000000 ____D D:\Program Files\LifePreInt
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\Users\Public\Desktop\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:40 - 2017-01-30 09:42 - 00000000 ____D D:\Program Files\LifeElem
2017-01-30 09:25 - 2017-01-30 09:25 - 00000000 ____D C:\ProgramData\Adobe
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\Users\Public\Desktop\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:22 - 2017-01-30 09:24 - 00000000 ____D D:\Program Files\LifeBeg
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D D:\Program Files\Adobe
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-30 09:04 - 2017-01-30 09:04 - 00000000 ____D C:\Users\axioo\AppData\Local\Adobe
2017-01-30 09:00 - 2017-01-30 09:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-01-30 00:19 - 2017-01-30 00:19 - 00000000 ____D C:\Users\axioo\Documents\Custom Office Templates
2017-01-30 00:15 - 2017-01-30 00:15 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-01-30 00:11 - 2017-01-30 00:11 - 00000000 ____D C:\Users\axioo\AppData\Roaming\WinRAR
2017-01-30 00:09 - 2017-01-30 00:13 - 00000000 ____D D:\Program Files\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D D:\Program Files\Mozilla Firefox
2017-01-29 23:58 - 2017-01-29 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-29 23:57 - 2017-01-29 23:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-29 23:54 - 2017-01-29 23:56 - 00000000 ____D D:\Program Files\Microsoft SQL Server
2017-01-29 23:54 - 2017-01-29 23:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-01-29 23:53 - 2017-01-29 23:53 - 00000000 ____D D:\Program Files\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-29 23:51 - 2017-01-29 23:51 - 00000000 ___RD C:\Users\axioo\3D Objects
2017-01-29 23:49 - 2017-01-29 23:54 - 00000000 ____D D:\Program Files\Microsoft Office
2017-01-29 23:49 - 2017-01-29 23:49 - 00000000 ____D D:\Program Files\Microsoft Analysis Services
2017-01-29 23:41 - 2017-01-29 23:41 - 00000933 _____ C:\Users\axioo\Desktop\WinDirStat.lnk
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D D:\Program Files\WinDirStat
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-01-29 23:22 - 2017-01-29 23:22 - 00000652 _____ C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Acronis
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\ProgramData\Apple
2017-01-29 22:59 - 2017-01-29 22:59 - 00000000 ____D C:\Users\Public\Daybreak Game Company
2017-01-29 22:55 - 2017-01-29 22:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\VOS
2017-01-29 21:24 - 2017-01-30 00:18 - 00000000 ____D C:\Users\axioo\AppData\Local\Microsoft Help
2017-01-27 11:20 - 2017-01-27 11:20 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Macromedia
2017-01-27 11:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-27 11:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-01-27 00:27 - 2017-01-27 00:28 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Daybreak Game Company
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\SCE
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\Daybreak Game Company
2017-01-26 23:49 - 2017-01-26 23:49 - 00005671 _____ C:\WINDOWS\ddclog.txt
2017-01-26 23:47 - 2017-01-27 00:22 - 00000000 ____D C:\WINDOWS\amlog
2017-01-26 23:46 - 2017-01-27 00:22 - 00000462 _____ C:\WINDOWS\ampa.ini
2017-01-26 23:25 - 2017-01-27 00:18 - 00001024 ____H C:\AMTAG.BIN
2017-01-26 23:19 - 2017-01-26 23:20 - 00000000 ____D C:\Users\axioo\AppData\Local\MicrosoftEdge
2017-01-26 23:18 - 2017-01-26 23:18 - 00001330 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Unlimited Edition 6.0.lnk
2017-01-26 23:18 - 2017-01-26 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-26 23:18 - 2015-12-11 09:57 - 01664624 _____ C:\WINDOWS\ampa.exe
2017-01-26 23:18 - 2015-11-10 09:36 - 00017008 _____ C:\WINDOWS\system32\ampa.sys
2017-01-26 16:40 - 2017-01-26 16:42 - 00000000 ____D C:\Users\axioo\Desktop\AOMEI Partition Assistant v6.0 FINAL + Serials [TechTools.NET]
2017-01-19 01:15 - 2015-07-10 10:34 - 00001324 _____ C:\WINDOWS\system32\WinToAnd.lnk
2017-01-19 01:15 - 2014-12-26 16:42 - 00336224 _____ (TODO: ) C:\WINDOWS\system32\WinToAnd.exe
2017-01-18 11:48 - 2017-01-18 11:48 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\NetworkTiles
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\Comms
2017-01-18 10:32 - 2017-01-18 10:32 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Skype
2017-01-18 10:28 - 2017-01-27 00:25 - 00000000 ___RD C:\Users\axioo\OneDrive
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\Users\axioo\AppData\Local\ActiveSync
2017-01-18 10:26 - 2017-01-31 13:42 - 00000000 ____D C:\Users\axioo\AppData\Local\VirtualStore
2017-01-18 10:26 - 2017-01-31 12:17 - 00000000 __SHD C:\Users\axioo\IntelGraphicsProfiles
2017-01-18 10:26 - 2017-01-30 12:19 - 00000000 ____D C:\Users\axioo
2017-01-18 10:26 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Adobe
2017-01-18 10:26 - 2017-01-29 23:46 - 00000000 ____D C:\Users\axioo\AppData\Local\Packages
2017-01-18 10:26 - 2017-01-18 10:26 - 00000020 ___SH C:\Users\axioo\ntuser.ini
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\TileDataLayer
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\Publishers
2017-01-18 10:25 - 2017-01-18 10:25 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-31 12:22 - 2016-01-20 06:55 - 00835836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-31 12:22 - 2015-10-30 12:47 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 12:17 - 2016-01-20 06:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-31 12:16 - 2015-10-30 12:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-31 09:34 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-31 09:24 - 2015-10-30 12:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 10:40 - 2016-01-20 06:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-30 10:17 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-30 07:59 - 2016-01-20 06:43 - 00265544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-29 23:57 - 2015-10-30 12:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-29 23:55 - 2015-10-30 12:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-29 23:50 - 2015-10-30 13:47 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-29 23:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 00:20 - 2016-01-20 06:43 - 00067584 ____S C:\WINDOWS\bootstat2.dat
2017-01-26 14:56 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppCompat
2017-01-26 12:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-01-19 01:15 - 2015-10-30 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\SMT
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\Customer
2017-01-18 10:26 - 2016-01-20 06:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-18 10:25 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\rescache
2017-01-18 10:23 - 2016-01-20 14:42 - 00000000 ____D C:\WINDOWS\Panther
2017-01-18 10:23 - 2015-10-30 12:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-18 10:17 - 2016-01-20 06:58 - 00000000 ____D C:\Program Files\Common Files\Intel

Some files in TEMP: ====================

2017-01-31 11:32 - 2017-01-31 11:37 - 0507904 _____ () C:\Users\axioo\AppData\Local\Temp\HitmanPro.exe
2017-01-30 12:38 - 2017-01-30 12:38 - 0921440 _____ (Microsoft Corporation) C:\Users\axioo\AppData\Local\Temp\PidGenX.dll
2017-01-31 07:45 - 2017-01-31 07:45 - 0609840 _____ (Flexera Software LLC ) C:\Users\axioo\AppData\Local\Temp\wVx4rt.exe
2016-08-24 15:34 - 2016-08-24 15:34 - 516440432 _____ () C:\Users\axioo\AppData\Local\Temp\_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-20 06:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by axioo (31-01-2017 14:04:44)
Running from C:\Users\axioo\Desktop
Microsoft Windows 10 Home Single Language Version 1511 (X86) (2017-01-18 03:25:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4294006291-3268964387-4160186193-500 - Administrator - Disabled)
axioo (S-1-5-21-4294006291-3268964387-4160186193-1001 - Administrator - Enabled) => C:\Users\axioo
DefaultAccount (S-1-5-21-4294006291-3268964387-4160186193-503 - Limited - Disabled)
Guest (S-1-5-21-4294006291-3268964387-4160186193-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version: - AOMEI Technology Co., Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DG0-EverQuest) (Version: - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
LifeBeg (HKLM\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeBeg (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (Version: 1.0 - UNKNOWN) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Kionix (WUDFRd) Sensor (07/30/2015 1.0.0.6) (HKLM\...\382C168E514F6CE64FDCF21159DD6ECEC5449121) (Version: 07/30/2015 1.0.0.6 - Kionix)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.591 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1520FF60-C188-4467-BB74-D410F220E326} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-01-30] ()
Task: {3C7F824F-12D2-4D93-BD71-389BA80CD543} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe [2017-01-18] (InstallShield®)
Task: {93E3C633-BC18-4B11-8DB7-F1CD82395AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {A838CE2E-1147-4532-B4A2-8E33135979AF} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
Task: {B070BF4E-F288-43D7-B524-0411E9239310} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 12:44 - 2015-10-30 12:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-20 07:01 - 2015-07-16 20:40 - 00147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2017-01-31 08:42 - 2017-01-25 13:56 - 01870168 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libglesv2.dll
2017-01-31 08:42 - 2017-01-25 13:56 - 00085848 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libegl.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-31 10:56 - 2017-01-31 10:56 - 00129392 _____ () D:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02365952 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 12:45 - 2015-10-30 12:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:48 - 2015-10-30 12:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\OEMBackground.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{BA359AF1-E542-4C45-A433-B7B2762D2A3A}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BFA29102-4425-43DB-8542-EA7E038A21B2}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF79700D-F0AD-4A92-B112-02D80B70B995}] => D:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{118A8F0A-E81E-452B-B105-91A06A5321C2}] => D:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{193BCBEB-B5C7-4A2B-B080-E8D42B653622}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{433E17CF-3B95-419F-8343-5293DDA3AF37}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CECB334B-2BA0-4F01-A156-C9004C4DDF23}] => D:\Program Files\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-01-2017 23:33:51 help me ahhhh 31-01-2017 09:08:17 Installed SharpKeys ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2017 02:04:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002. Error: (01/31/2017 02:04:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002. Error: (01/31/2017 02:03:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002. 
Error: (01/31/2017 02:03:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002. Error: (01/31/2017 02:03:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST.exe version 29.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: a0c Start Time: 01d27b9007a40829 Termination Time: 27 Application Path: C:\Users\axioo\Desktop\FRST.exe Report Id: 4f8e9bbd-e783-11e6-a145-02005f553036 Faulting package full name: Faulting package-relative application ID: Error: (01/31/2017 02:02:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002. Error: (01/31/2017 02:02:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002. Error: (01/31/2017 02:01:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002. Error: (01/31/2017 02:01:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002. Error: (01/31/2017 02:00:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002. 
System errors: ============= Error: (01/31/2017 12:16:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The WWAN AutoConfig service terminated with the following error: Overlapped I/O operation is in progress. Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/31/2017 12:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not start due to a logon failure. Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\Rtlihvs.dll CodeIntegrity: =================================== Date: 2017-01-31 10:03:39.039 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-31 08:58:59.573 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-30 12:40:53.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-29 23:59:01.971 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-29 22:57:51.545 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-29 22:50:23.453 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-29 21:28:43.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-26 14:57:28.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-18 10:25:20.427 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-20 07:47:02.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Atom™ CPU Z3735F @ 1.33GHz Percentage of memory in use: 77% Total physical RAM: 1985.14 MB Available physical RAM: 443.48 MB Total Virtual: 2689.14 MB Available Virtual: 788.02 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:28.73 GB) (Free:16.88 GB) NTFS Drive d: (Superdisk) (Removable) (Total:119.26 GB) (Free:84.41 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 28.9 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 119.3 GB) (Disk ID: 9E1247B5) Partition 1: (Not Active) - (Size=119.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Somehow you lost the formatting. Perhaps you opened them in something besides Notepad? Can you just attach the files?


  • 1

#3
Supermatt01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Yes, I used Notepad. Maybe it is a Windows 10 issue? I have also noticed that my keyboard has randomly been remapped a bit. A few of the keys' Shift + key functions have been changed.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by axioo (administrator) on SUPERLITE01 (31-01-2017 14:03:30)
Running from C:\Users\axioo\Desktop
Loaded Profiles: axioo (Available Profiles: axioo)
Platform: Microsoft Windows 10 Home Single Language Version 1511 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) D:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-30] (Intel Corporation)
HKLM\...\Run: [ZAM] => D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)
HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\Run: [GoogleChromeAutoLaunch_6D5FAFE76E7B8F5F074A15E9348D3D0B] => D:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-01-25] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{902cb5f3-005d-4eec-a7b8-7173bc339658}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ee634c6c-f4c3-45be-97cd-f1135cfa0d39}: [DhcpNameServer] 140.0.223.250 111.94.159.250 61.247.0.133
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> D:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default [2017-01-31]
CHR Extension: (Google Slides) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31]
CHR Extension: (Beatlab) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2017-01-31]
CHR Extension: (Google Docs) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-31]
CHR Extension: (Google Drive) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (DuckDuckGo Search) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-01-31]
CHR Extension: (Audiotool) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-01-31]
CHR Extension: (YouTube) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Dragon Web Extension) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2017-01-31]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-31]
CHR Extension: (AdBlock) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Tab Cookies) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2017-01-31]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2017-01-31]
CHR Extension: (Ghostery) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31]
CHR Extension: (Gmail) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-30] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-30] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-30] (Intel Corporation)
S2 gupdate; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
S3 gupdatem; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
R2 HitmanProScheduler; D:\Program Files\HitmanPro\hmpsched.exe [106280 2017-01-31] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
S3 WMPNetworkSvc; D:\Program Files\Windows Media Player\wmpnetwk.exe [1186816 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2015-11-10] () [File not signed]
R3 BthMini; C:\WINDOWS\system32\DRIVERS\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel® Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [55816 2015-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [59392 2015-06-24] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [85000 2015-06-24] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [203264 2015-06-24] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [467968 2015-06-24] (Intel Corporation)
R3 gc0310; C:\WINDOWS\System32\drivers\gc0310.sys [102440 2015-09-06] (Intel® Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-06-27] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277256 2015-06-13] (Intel® Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-27] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R1 MpKsleb36ea40; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B16DCE3-B264-4857-A3C4-1960E8D48BE7}\MpKsleb36ea40.sys [39168 2017-01-31] (Microsoft Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [3933400 2015-10-08] (Realtek Semiconductor Corporation                           )
R3 SileadTouch; C:\WINDOWS\System32\drivers\SileadTouch.sys [82944 2014-11-06] ()
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
R3 unicam; C:\WINDOWS\System32\drivers\ov2680.sys [91696 2015-10-20] (Intel® Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-01-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-31] (Zemana Ltd.)
 
========================== Drivers MD5 =======================
 
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B16DCE3-B264-4857-A3C4-1960E8D48BE7}\MpKsleb36ea40.sys BB7BB66A8DAF16950F83AE7BF498AF8F
C:\WINDOWS\System32\drivers\mpsdrv.sys 4037CA096170510A51982DE2E7DE416C
C:\WINDOWS\system32\drivers\mrxdav.sys AF49C73CF934E5E2CCAC0A304A6AF4FE
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 95848668B7DB1638D83391CE56E2B517
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6E0C3BD2490F4D487D73E50ACFE730A6
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 56DBA6170A515AA35B70ED15940BC7AF
C:\WINDOWS\System32\drivers\bridge.sys 612D4893590120C7A6D90CE68FF6B82B
C:\WINDOWS\system32\Drivers\Msfs.sys D7094E04F8F5F84F1C2D0651594EC47C
C:\WINDOWS\System32\drivers\msgpiowin32.sys 2067E7F5063160AC11C1914FA7E8FDDD
C:\WINDOWS\System32\drivers\mshidkmdf.sys 1E0CB295ABF08EB6DC9AA8CF6D33E001
C:\WINDOWS\System32\drivers\mshidumdf.sys C81FED291A9F425184CC72F1AED64F7E
C:\WINDOWS\System32\drivers\msisadrv.sys 5295CE68F72A22D12FC1505B84640C2F
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys A4C341573EFA765B3A7874C7D3D92D46
C:\WINDOWS\System32\drivers\mslldp.sys ACEB854E7D89E88EA94ED9F7FAB11FE0
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys A6D1472D89F3FA6A9E2C6EE43F020ED2
C:\WINDOWS\system32\DRIVERS\MSPQM.sys 5BA5EBA2F1452E525267AB0F523EC7E2
C:\WINDOWS\system32\Drivers\MsRPC.sys 5A7335C9C55283F5FCF21053FB5A759B
C:\WINDOWS\System32\drivers\mssmbios.sys EF107B9BDA0C241EB45C970C840A6575
C:\WINDOWS\system32\DRIVERS\MSTEE.sys 07CA316EE395669E5561EF81C0986B9F
C:\WINDOWS\System32\drivers\MTConfig.sys B810626D319D4B5E4BD9BF85FD813A88
C:\WINDOWS\System32\Drivers\mup.sys C09931CF6195E58D726466AB40609DBD
C:\WINDOWS\System32\drivers\mvumis.sys 269D818745A242640355702646A74B99
C:\WINDOWS\System32\DRIVERS\nwifi.sys C9FEEC602942731C463FAC58117F018A
C:\WINDOWS\System32\drivers\ndis.sys 471CF5F6D7C5FDC912F52DF52C8C1E71
C:\WINDOWS\System32\drivers\ndiscap.sys 5E4E278F613D345E11DC961D2399FEA4
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 66EAF91097BC2A8B7EC8DFD4C75E0453
C:\WINDOWS\System32\DRIVERS\ndistapi.sys DD421C7B39693EF60C4793D535B50E41
C:\WINDOWS\System32\drivers\ndisuio.sys A8DDCFF13A50B872D04731AE369A72B7
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys D3285C154415EA9C4B5FBCB7063E436C
C:\WINDOWS\System32\drivers\ndiswan.sys 0174FE40EA6219317FA6B5F846B7C29A
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 0174FE40EA6219317FA6B5F846B7C29A
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 9CCEA21891D79F180F00E07806CF93AB
C:\WINDOWS\System32\drivers\Ndu.sys B2BE5E04514EBFE842AD07A5B80327CD
C:\WINDOWS\System32\drivers\netbios.sys 15F48CB9C97B69EB901A3E0EBB496167
C:\WINDOWS\System32\DRIVERS\netbt.sys 1CA44BC32773FCB9FE4ADAA077AB642E
C:\WINDOWS\system32\Drivers\Npfs.sys AE369CFADC557F15AAA45A96FC6F5DF6
C:\WINDOWS\System32\drivers\npsvctrig.sys 06368C63820FBCF1DD9E87757A6C92DD
C:\WINDOWS\System32\drivers\nsiproxy.sys 88D14F6047B6E276C55FA3F85F770D2A
C:\WINDOWS\system32\Drivers\NTFS.sys 67CC605D5DDF5D9DC8BF5FBED1FF89B7
C:\WINDOWS\system32\Drivers\Null.sys DFD914F2033F8A69D3DA357DEF474C31
C:\WINDOWS\System32\drivers\nvraid.sys F3A3A757559C735001AC71A191577E8B
C:\WINDOWS\System32\drivers\nvstor.sys 4EACAB016B1239921387500173BFAE41
C:\WINDOWS\System32\drivers\nv_agp.sys AB6FBB9E2ADEF7664479205C5A8B4549
C:\WINDOWS\System32\drivers\parport.sys B69B323395ABC1303EB9F69E9B8460F8
C:\WINDOWS\System32\drivers\partmgr.sys EE23562B266542D49DF7A8648A2794B1
C:\WINDOWS\System32\drivers\parvdm.sys B5F6CE391E5510F45F74061A9B5A5B06
C:\WINDOWS\System32\drivers\pci.sys E77F502CCE1105AD4F46B46EB60C561B
C:\WINDOWS\System32\drivers\pciide.sys ECEC3D77767962C04D7F97B91455DDA0
C:\WINDOWS\System32\drivers\pcmcia.sys BC67657EE279C7AA2335CC678770367C
C:\WINDOWS\System32\drivers\pcw.sys 92E594462D997A2A9E3AAB6B21D9C580
C:\WINDOWS\System32\drivers\pdc.sys C887431C908C12BFA1746801E684A58D
C:\WINDOWS\System32\drivers\peauth.sys E31B9C22C1B7F245ADA4CF9DB12FBCB7
C:\WINDOWS\System32\drivers\percsas2i.sys 8763C09E1C0DC49D6C96E12364387B89
C:\WINDOWS\System32\drivers\percsas3i.sys 70BE20D700E853153AAEF254B56B8EB3
C:\WINDOWS\System32\drivers\PMIC.sys 547BDB3EC12C2F437F1F6A887AAA8995
C:\WINDOWS\System32\drivers\raspptp.sys 32F7EA4FED6D588CB95F3939EF93C47F
C:\WINDOWS\System32\drivers\processr.sys 6D595CD068691AFC59E7ED3B760CE12E
C:\WINDOWS\System32\drivers\pacer.sys ED52651C95D36C639A88DC639AD46A8B
C:\WINDOWS\system32\drivers\qwavedrv.sys 07B60F91EDFA2519AF0701F1CD6EFE16
C:\WINDOWS\System32\DRIVERS\rasacd.sys 5C4EEC621C8ECFAA03EEEF93DE03C595
C:\WINDOWS\System32\drivers\AgileVpn.sys FB5AC6F46F4F7F877358442866A16D29
C:\WINDOWS\System32\drivers\rasl2tp.sys BE374F3DBF29B4094C25679081B22D79
C:\WINDOWS\System32\DRIVERS\raspppoe.sys F20245B35228B55324DAEED158CCBA75
C:\WINDOWS\System32\drivers\rassstp.sys 1C0DE9EFAD982DF7FA4216AC100AE48E
C:\WINDOWS\System32\DRIVERS\rdbss.sys EBA52E812B8888593ACDAA931238A171
C:\WINDOWS\System32\drivers\rdpbus.sys 81DCA0CDB005CA556A32AFB69C61BBA4
C:\WINDOWS\System32\drivers\rdpdr.sys 288DA2E52BFE6A90937FF9A994FA56ED
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 1120A66FB9E6C41F2C5F817A27C3EA7C
C:\WINDOWS\System32\drivers\rdyboost.sys 9E0CECE19D5435C92B4928CA5F4A7DBA
C:\WINDOWS\System32\drivers\rfcomm.sys 81DCAE87941E27B748B55831BE394BF9
C:\WINDOWS\System32\drivers\rspndr.sys DC83F205844B3FB7E5E141E49EC999D9
C:\WINDOWS\system32\DRIVERS\rtii2sac.sys 2E040AFB3527459DCD112389A27DE032
C:\WINDOWS\System32\drivers\RtkUart.sys 01FF48F7A9C766AFFA43E2ED2F83413F
C:\WINDOWS\system32\DRIVERS\rtwlans.sys 0272C7A571837FC89035969124ED0C1D
C:\WINDOWS\System32\drivers\vms3cap.sys 46A5689B7ED4A894EB2CBD7D42B32B4E
C:\WINDOWS\System32\drivers\sbp2port.sys 3474F4025781EEA401D709BE23CFC556
C:\WINDOWS\System32\DRIVERS\scfilter.sys 0DE6E9DFFD1D252B351F48408593C325
C:\WINDOWS\System32\drivers\sdbus.sys 5FF63904B79ACCB6DC758200BF83753C
C:\WINDOWS\System32\drivers\sdstor.sys 57A7585BB9952E90C4A791833EB31B99
C:\WINDOWS\System32\drivers\SerCx.sys 717BE0184E6C4CA20C5733F4CE332383
C:\WINDOWS\System32\drivers\SerCx2.sys 4C6C157F1EFA6C167357D8E3C44AAADE
C:\WINDOWS\System32\drivers\serenum.sys 425BB23B81184F186ED90D0C3DD4E3DE
C:\WINDOWS\System32\drivers\serial.sys 664B9000F9B2953A25CD4060D24D3052
C:\WINDOWS\System32\drivers\sermouse.sys 0BD8E3C2BCB05F0DE6FDC3BFEE708607
C:\WINDOWS\System32\drivers\sfloppy.sys 7EF99E869A3DD3B027D79D6F4156593E
C:\WINDOWS\System32\drivers\SileadTouch.sys D8E27BA40D09C25B6EFDAFA6E145F86D
C:\WINDOWS\System32\drivers\sisagp.sys 5DDA57A3E19147B47B99F08314AAE954
C:\WINDOWS\System32\drivers\SiSRaid2.sys CB00A2CA0B4B236D59837B9C43104E6B
C:\WINDOWS\System32\drivers\sisraid4.sys 18706B3C33D8A5AE575BD7922846497E
C:\WINDOWS\System32\drivers\spaceport.sys 9D3FB1E0BFBB8A3F888E55505695741A
C:\WINDOWS\System32\drivers\SpbCx.sys FA225A488BD443F8707103D1569260EE
C:\WINDOWS\System32\DRIVERS\srv.sys 171F2EC32EE6812DC8BFA83C73EC54E5
C:\WINDOWS\System32\DRIVERS\srv2.sys CB8EA447496A34170421D2DADBD35085
C:\WINDOWS\System32\DRIVERS\srvnet.sys CB9C58EE0B356BB166DFD19DDC4E7CAA
C:\WINDOWS\System32\drivers\stexstor.sys D4379D5350797ED7E8DB376BA2607242
C:\WINDOWS\System32\drivers\storahci.sys 39773B37FE454AF48616DBF2E31BFC06
C:\WINDOWS\System32\drivers\vmstorfl.sys 691B26EA5058B6A2F49F5A36B0152971
C:\WINDOWS\System32\drivers\stornvme.sys E34791E4376136F4BDD5332CBE99F3B6
C:\WINDOWS\System32\drivers\storqosflt.sys 1CE8E8A4855665DF9308A561A4D559F3
C:\WINDOWS\System32\drivers\storufs.sys 2A3381FA0C3C0D52B8404F41CFCDA01D
C:\WINDOWS\System32\drivers\storvsc.sys 260D5CA9F7962ADE3AA3751DE212A14F
C:\WINDOWS\System32\drivers\swenum.sys 4A3D2E2A4FDFA29F11034D1BB1996E77
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 7859019D71C137D34FDC9A17608BE39A
C:\WINDOWS\System32\drivers\tcpip.sys EFA268B72C4BB766848B96F43BA1F5AC
C:\WINDOWS\System32\drivers\tcpip.sys EFA268B72C4BB766848B96F43BA1F5AC
C:\WINDOWS\System32\drivers\tcpipreg.sys 1F24546CD99E1860F567212ED3A9F29E
C:\WINDOWS\system32\DRIVERS\tdx.sys 1683BCB69B9950CD8C97865F3EC6781E
C:\WINDOWS\System32\drivers\terminpt.sys 8568FFB7D3932E6AA8A1465A00D4401E
C:\WINDOWS\System32\drivers\tpm.sys 87DD174258F870B575F085CEAFA5ED1F
C:\WINDOWS\System32\drivers\tsusbflt.sys 444DAD7C9DE8259CD33AA02E2DDF9F62
C:\WINDOWS\System32\drivers\TsUsbGD.sys 7A6A6B080CA2DC40EEF2C68F1D914B8B
C:\WINDOWS\System32\drivers\tunnel.sys E89451DADDC4AE9D85F4B1FE972BE74B
C:\WINDOWS\System32\drivers\TXEI.sys 9113D8A3018E274BFC77C7859B315409
C:\WINDOWS\System32\drivers\uagp35.sys 8B7CDE06707C9AF0C4934E4CC508695D
C:\WINDOWS\System32\drivers\uaspstor.sys A8A7BDB2CB62FD7CE711CA16FB3451DF
C:\WINDOWS\System32\Drivers\UcmCx.sys C9AF8F7C50611D1CBEC31945174FC3AA
C:\WINDOWS\System32\drivers\UcmUcsi.sys 93164F4C774847A6777ACE96C418E895
C:\WINDOWS\System32\drivers\ucx01000.sys 3DFFB0793F36A31165DAA464B09749BD
C:\WINDOWS\System32\drivers\udecx.sys F5944D42BB3E7C49762851A37475D24C
C:\WINDOWS\System32\DRIVERS\udfs.sys DFAB94D2AA5BF219A603A94413F69D80
C:\WINDOWS\System32\drivers\UEFI.sys B661E6B5B37135F597569CC2D379466B
C:\WINDOWS\System32\drivers\ufx01000.sys 5BA4BFCAA3B2C6F6F12C350022027EE3
C:\WINDOWS\System32\drivers\UfxChipidea.sys 75019BD006BEA3E4CB8619E58A834ED8
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 37B7C7BAF2425810BFBF18E8260687D6
C:\WINDOWS\System32\drivers\uliagpkx.sys 1F40A2F255499DB5A5949CD3F3BF4381
C:\WINDOWS\System32\drivers\umbus.sys DBBCCAAA495D5FD25D75AC3535F89BD0
C:\WINDOWS\System32\drivers\umpass.sys 2C9342DB0106ECF032449E650E9616BD
C:\WINDOWS\System32\drivers\ov2680.sys 58C37B927DC2AE11BE63106574CA5367
C:\WINDOWS\System32\drivers\urschipidea.sys BD0C12906FA5E5F87C6D0E253DB9F701
C:\WINDOWS\System32\drivers\urscx01000.sys CE109DD08D8F60EE1E126D5417F2CD58
C:\WINDOWS\System32\drivers\urssynopsys.sys 443FC85BE4D5F257F46062FE58BB4E9D
C:\WINDOWS\System32\drivers\usbccgp.sys 0275FD8F5A518103E8DBF1EBE22DC0EF
C:\WINDOWS\System32\drivers\usbcir.sys 82FB879A28D64AC7177A6B8E06F27DD9
C:\WINDOWS\System32\drivers\usbehci.sys 82DDF3B4A7B321E3E27620CF68EE7C4F
C:\WINDOWS\System32\drivers\usbhub.sys 4BCA36149697A5BCBD27D462BDE88BFC
C:\WINDOWS\System32\drivers\UsbHub3.sys E9B99D64E52B2439EEE238CC2E00559F
C:\WINDOWS\System32\drivers\usbohci.sys 14683F2DD9ADD8CE06F2108F063455A6
C:\WINDOWS\System32\drivers\usbprint.sys 05E3B01618985139A82EA0EC8719F977
C:\WINDOWS\System32\drivers\usbser.sys 797B66269E15E0869302CE666D2A610A
C:\WINDOWS\System32\drivers\USBSTOR.SYS F12EF72F066105527F5404A92EA179D2
C:\WINDOWS\System32\drivers\usbuhci.sys C05F56A51DFB51CCA57AB586CF5463B8
C:\WINDOWS\System32\drivers\USBXHCI.SYS F2F4FED52A4BB8390E5CB56950A2CB35
C:\WINDOWS\System32\drivers\usb8023x.sys 31086B876E31BA67984CF87D5E89C63E
C:\WINDOWS\System32\drivers\vdrvroot.sys 50BB29EEAD014FE8D36E8B823C458A29
C:\WINDOWS\System32\drivers\VerifierExt.sys 5E4D0F621C33316695E90F192DDD1104
C:\WINDOWS\System32\drivers\vhdmp.sys 206348CFAA86E7D9AB34CA928E15F1C7
C:\WINDOWS\System32\drivers\vhf.sys 95DB34CBAAB29B81B47C317501EB7AAD
C:\WINDOWS\System32\drivers\viaagp.sys 878A9F6B1ECDBA9A8F1D56B0DDCDF456
C:\WINDOWS\System32\drivers\viac7.sys 963E0592575BCCEAF1310BE36B3872B5
C:\WINDOWS\System32\drivers\vmbus.sys 990AD55A607CB947A15892C434212280
C:\WINDOWS\System32\drivers\VMBusHID.sys E3B6FCFB7896FC86702E76A03EE87F8F
C:\WINDOWS\System32\drivers\volmgr.sys 69CC70090A6E765F539CC97765E55527
C:\WINDOWS\System32\drivers\volmgrx.sys D65C55174A16701AF39200A353AD2387
C:\WINDOWS\System32\drivers\volsnap.sys 2E5522E831E616B37F06908B7B56C3B3
C:\WINDOWS\System32\drivers\vsmraid.sys 72AECD924E0FC8E0241C1DEEA628F33A
C:\WINDOWS\System32\drivers\vstxraid.sys 1F1AD54C55038FE642AAB73C94BC48EF
C:\WINDOWS\System32\drivers\vwifibus.sys 50F54817390D24C40FAEDA63358D4926
C:\WINDOWS\System32\drivers\vwififlt.sys 86040D1A0206B7776DC4984438288AF2
C:\WINDOWS\System32\drivers\vwifimp.sys 7D98515B68189D9CB7A8DA7145F6BDEC
C:\WINDOWS\System32\drivers\wacompen.sys 4C10F9CAC332906B82B31313AA6C85B0
C:\WINDOWS\System32\DRIVERS\wanarp.sys A6DC318DD7135250BCB7583E10F82E28
C:\WINDOWS\System32\DRIVERS\wanarp.sys A6DC318DD7135250BCB7583E10F82E28
C:\WINDOWS\System32\drivers\WdBoot.sys 9437CE842271C16F6CBF77BCF0EC189F
C:\WINDOWS\System32\drivers\Wdf01000.sys 4DC928F02FA315F4B08A151F8F8A7CF8
C:\WINDOWS\System32\drivers\WdFilter.sys 0CC824E96F998502830AC9AA6F5040BF
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 80E34787D7AB9C4B24388BAA76D9A2D1
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 9D2129AA0B3E8CAB551E80E729B5A059
C:\WINDOWS\System32\drivers\wfplwfs.sys 4908DA33D0EBE5868706F0205B241C3B
C:\WINDOWS\System32\drivers\wimmount.sys 9E649CA7603DFE8ABB69568524A616BF
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys D12B86DACE4F869F17DBFF9D7D6FB10F
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys E0AC5561C8DD901E34F0B58A509E6049
C:\WINDOWS\System32\drivers\WinUSB.SYS 131719A42F88CD20E6341C65A918AD3B
C:\WINDOWS\System32\drivers\wmbclass.sys E87F8F0C4EF1117E992B148BCD57FAAD
C:\WINDOWS\System32\drivers\wmiacpi.sys 013D1BA8ECA6EC3F07E261EA27F12C33
C:\WINDOWS\system32\Drivers\Wof.sys FD5BC5B3215BABB14F58846659B8F3E9
C:\WINDOWS\System32\DRIVERS\wpcfltr.sys 89A5B1F5BC56D9B2D4EFD930806D74EA
C:\WINDOWS\System32\drivers\WpdUpFltr.sys E2CAC0E886E5DE934794E1BF9E241397
C:\WINDOWS\system32\drivers\ws2ifsl.sys 9EA6A73D56202174FA6BB091770ADB6C
C:\WINDOWS\System32\drivers\WudfPf.sys CD8E310F1D88BD14F6D52664BBDD2367
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys EB34555DC8E1A35054499D43C727B99F
C:\WINDOWS\System32\drivers\xboxgip.sys 25787766F0482077E263CE619EB67594
C:\WINDOWS\System32\drivers\xinputhid.sys B534D7D556C86616DE06E3B6BDFD7675
C:\WINDOWS\System32\drivers\zam32.sys 06897B431C07886454E0681723DD53E6
C:\WINDOWS\System32\drivers\zamguard32.sys 06897B431C07886454E0681723DD53E6
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-31 14:03 - 2017-01-31 14:04 - 00037863 _____ C:\Users\axioo\Desktop\FRST.txt
2017-01-31 13:58 - 2017-01-31 13:58 - 08892800 _____ C:\Users\axioo\Downloads\Unconfirmed 889857.crdownload
2017-01-31 13:49 - 2017-01-31 14:03 - 00000000 ____D C:\FRST
2017-01-31 13:41 - 2017-01-31 13:49 - 01762816 _____ (Farbar) C:\Users\axioo\Desktop\FRST.exe
2017-01-31 13:41 - 2017-01-31 13:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\axioo\Downloads\HiJackThis.exe
2017-01-31 11:59 - 2017-01-31 11:59 - 00001841 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D D:\Program Files\HitmanPro
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-31 11:32 - 2017-01-31 12:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 11:29 - 2017-01-31 11:32 - 09096848 _____ (SurfRight B.V.) C:\Users\axioo\Downloads\HitmanPro.exe
2017-01-31 11:23 - 2017-01-31 11:24 - 04015056 _____ C:\Users\axioo\Downloads\adwcleaner_6.043.exe
2017-01-31 11:22 - 2017-01-31 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-31 10:56 - 2017-01-31 14:03 - 00246420 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-31 10:56 - 2017-01-31 14:03 - 00037842 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00001830 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D D:\Program Files\Zemana AntiMalware
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-31 10:55 - 2017-01-31 10:55 - 00000000 ____D C:\Users\axioo\AppData\Local\Zemana
2017-01-31 10:53 - 2017-01-31 10:54 - 05510592 _____ ( ) C:\Users\axioo\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-31 10:47 - 2017-01-31 10:48 - 00003388 _____ C:\Users\axioo\Desktop\Rkill.txt
2017-01-31 10:47 - 2017-01-31 10:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\axioo\Downloads\rkill.exe
2017-01-31 09:39 - 2017-01-31 10:01 - 00345690 _____ C:\WINDOWS\ntbtlog.txt
2017-01-31 09:39 - 2017-01-31 09:39 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-31 09:34 - 2017-01-31 09:34 - 00000000 ____D C:\Users\axioo\AppData\Local\ElevatedDiagnostics
2017-01-31 09:23 - 2017-01-31 09:23 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-01-31 09:22 - 2017-01-31 09:22 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-01-31 09:12 - 2017-01-31 09:13 - 01429344 _____ (Microsoft Corporation) C:\Users\axioo\Downloads\NDP462-KB3151802-Web.exe
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 08:38 - 2017-01-31 13:43 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-31 08:38 - 2017-01-31 12:17 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-31 08:38 - 2017-01-31 09:21 - 00000000 ____D C:\Users\axioo\AppData\Local\Google
2017-01-31 08:38 - 2017-01-31 08:40 - 00000000 ____D D:\Program Files\Google
2017-01-31 08:37 - 2017-01-31 08:37 - 01065376 _____ (Google Inc.) C:\Users\axioo\Downloads\ChromeSetup.exe
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\Intel
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\DIFX
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Portable Devices
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Photo Viewer
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows NT
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Multimedia Platform
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Journal
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Defender
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\REALTEK SD Wireless LAN Driver
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Bonjour
2017-01-31 08:26 - 2017-01-31 08:26 - 00000000 ____D D:\Program Files\REALTEK
2017-01-30 12:39 - 2017-01-31 07:42 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-01-30 12:18 - 2017-01-31 12:14 - 00000000 ____D D:\Program Files\EqualizerAPO
2017-01-30 12:17 - 2017-01-30 12:17 - 06888519 _____ C:\Users\axioo\Downloads\EqualizerAPO32-1.1.2.exe
2017-01-30 10:49 - 2017-01-30 10:49 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Temp
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\Users\Public\Desktop\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:53 - 2017-01-30 09:55 - 00000000 ____D D:\Program Files\LifePreInt
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\Users\Public\Desktop\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:40 - 2017-01-30 09:42 - 00000000 ____D D:\Program Files\LifeElem
2017-01-30 09:25 - 2017-01-30 09:25 - 00000000 ____D C:\ProgramData\Adobe
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\Users\Public\Desktop\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:22 - 2017-01-30 09:24 - 00000000 ____D D:\Program Files\LifeBeg
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D D:\Program Files\Adobe
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-30 09:04 - 2017-01-30 09:04 - 00000000 ____D C:\Users\axioo\AppData\Local\Adobe
2017-01-30 09:00 - 2017-01-30 09:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-01-30 00:19 - 2017-01-30 00:19 - 00000000 ____D C:\Users\axioo\Documents\Custom Office Templates
2017-01-30 00:15 - 2017-01-30 00:15 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-01-30 00:11 - 2017-01-30 00:11 - 00000000 ____D C:\Users\axioo\AppData\Roaming\WinRAR
2017-01-30 00:09 - 2017-01-30 00:13 - 00000000 ____D D:\Program Files\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D D:\Program Files\Mozilla Firefox
2017-01-29 23:58 - 2017-01-29 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-29 23:57 - 2017-01-29 23:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-29 23:54 - 2017-01-29 23:56 - 00000000 ____D D:\Program Files\Microsoft SQL Server
2017-01-29 23:54 - 2017-01-29 23:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-01-29 23:53 - 2017-01-29 23:53 - 00000000 ____D D:\Program Files\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-29 23:51 - 2017-01-29 23:51 - 00000000 ___RD C:\Users\axioo\3D Objects
2017-01-29 23:49 - 2017-01-29 23:54 - 00000000 ____D D:\Program Files\Microsoft Office
2017-01-29 23:49 - 2017-01-29 23:49 - 00000000 ____D D:\Program Files\Microsoft Analysis Services
2017-01-29 23:41 - 2017-01-29 23:41 - 00000933 _____ C:\Users\axioo\Desktop\WinDirStat.lnk
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D D:\Program Files\WinDirStat
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-01-29 23:22 - 2017-01-29 23:22 - 00000652 _____ C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Acronis
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\ProgramData\Apple
2017-01-29 22:59 - 2017-01-29 22:59 - 00000000 ____D C:\Users\Public\Daybreak Game Company
2017-01-29 22:55 - 2017-01-29 22:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\VOS
2017-01-29 21:24 - 2017-01-30 00:18 - 00000000 ____D C:\Users\axioo\AppData\Local\Microsoft Help
2017-01-27 11:20 - 2017-01-27 11:20 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Macromedia
2017-01-27 11:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-27 11:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-01-27 00:27 - 2017-01-27 00:28 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Daybreak Game Company
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\SCE
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\Daybreak Game Company
2017-01-26 23:49 - 2017-01-26 23:49 - 00005671 _____ C:\WINDOWS\ddclog.txt
2017-01-26 23:47 - 2017-01-27 00:22 - 00000000 ____D C:\WINDOWS\amlog
2017-01-26 23:46 - 2017-01-27 00:22 - 00000462 _____ C:\WINDOWS\ampa.ini
2017-01-26 23:25 - 2017-01-27 00:18 - 00001024 ____H C:\AMTAG.BIN
2017-01-26 23:19 - 2017-01-26 23:20 - 00000000 ____D C:\Users\axioo\AppData\Local\MicrosoftEdge
2017-01-26 23:18 - 2017-01-26 23:18 - 00001330 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Unlimited Edition 6.0.lnk
2017-01-26 23:18 - 2017-01-26 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-26 23:18 - 2015-12-11 09:57 - 01664624 _____ C:\WINDOWS\ampa.exe
2017-01-26 23:18 - 2015-11-10 09:36 - 00017008 _____ C:\WINDOWS\system32\ampa.sys
2017-01-26 16:40 - 2017-01-26 16:42 - 00000000 ____D C:\Users\axioo\Desktop\AOMEI Partition Assistant v6.0 FINAL + Serials [TechTools.NET]
2017-01-19 01:15 - 2015-07-10 10:34 - 00001324 _____ C:\WINDOWS\system32\WinToAnd.lnk
2017-01-19 01:15 - 2014-12-26 16:42 - 00336224 _____ (TODO: <Company name>) C:\WINDOWS\system32\WinToAnd.exe
2017-01-18 11:48 - 2017-01-18 11:48 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\NetworkTiles
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\Comms
2017-01-18 10:32 - 2017-01-18 10:32 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Skype
2017-01-18 10:28 - 2017-01-27 00:25 - 00000000 ___RD C:\Users\axioo\OneDrive
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\Users\axioo\AppData\Local\ActiveSync
2017-01-18 10:26 - 2017-01-31 13:42 - 00000000 ____D C:\Users\axioo\AppData\Local\VirtualStore
2017-01-18 10:26 - 2017-01-31 12:17 - 00000000 __SHD C:\Users\axioo\IntelGraphicsProfiles
2017-01-18 10:26 - 2017-01-30 12:19 - 00000000 ____D C:\Users\axioo
2017-01-18 10:26 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Adobe
2017-01-18 10:26 - 2017-01-29 23:46 - 00000000 ____D C:\Users\axioo\AppData\Local\Packages
2017-01-18 10:26 - 2017-01-18 10:26 - 00000020 ___SH C:\Users\axioo\ntuser.ini
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\TileDataLayer
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\Publishers
2017-01-18 10:25 - 2017-01-18 10:25 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-31 12:22 - 2016-01-20 06:55 - 00835836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-31 12:22 - 2015-10-30 12:47 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 12:17 - 2016-01-20 06:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-31 12:16 - 2015-10-30 12:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-01-31 09:34 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-31 09:24 - 2015-10-30 12:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 10:40 - 2016-01-20 06:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-30 10:17 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-30 07:59 - 2016-01-20 06:43 - 00265544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-29 23:57 - 2015-10-30 12:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-29 23:55 - 2015-10-30 12:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-29 23:50 - 2015-10-30 13:47 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-29 23:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 00:20 - 2016-01-20 06:43 - 00067584 ____S C:\WINDOWS\bootstat2.dat
2017-01-26 14:56 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppCompat
2017-01-26 12:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-01-19 01:15 - 2015-10-30 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\SMT
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\Customer
2017-01-18 10:26 - 2016-01-20 06:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-18 10:25 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\rescache
2017-01-18 10:23 - 2016-01-20 14:42 - 00000000 ____D C:\WINDOWS\Panther
2017-01-18 10:23 - 2015-10-30 12:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-18 10:17 - 2016-01-20 06:58 - 00000000 ____D C:\Program Files\Common Files\Intel
 
Some files in TEMP:
====================
2017-01-31 11:32 - 2017-01-31 11:37 - 0507904 _____ () C:\Users\axioo\AppData\Local\Temp\HitmanPro.exe
2017-01-30 12:38 - 2017-01-30 12:38 - 0921440 _____ (Microsoft Corporation) C:\Users\axioo\AppData\Local\Temp\PidGenX.dll
2017-01-31 07:45 - 2017-01-31 07:45 - 0609840 _____ (Flexera Software LLC                                        ) C:\Users\axioo\AppData\Local\Temp\wVx4rt.exe
2016-08-24 15:34 - 2016-08-24 15:34 - 516440432 _____ () C:\Users\axioo\AppData\Local\Temp\_setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-01-20 06:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2017
Ran by axioo (31-01-2017 14:04:44)
Running from C:\Users\axioo\Desktop
Microsoft Windows 10 Home Single Language Version 1511 (X86) (2017-01-18 03:25:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4294006291-3268964387-4160186193-500 - Administrator - Disabled)
axioo (S-1-5-21-4294006291-3268964387-4160186193-1001 - Administrator - Enabled) => C:\Users\axioo
DefaultAccount (S-1-5-21-4294006291-3268964387-4160186193-503 - Limited - Disabled)
Guest (S-1-5-21-4294006291-3268964387-4160186193-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\DGC-EverQuest) (Version: 1.0.3.192 - Daybreak Game Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
LifeBeg (HKLM\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeBeg (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (Version: 1.0 - UNKNOWN) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Kionix (WUDFRd) Sensor  (07/30/2015 1.0.0.6) (HKLM\...\382C168E514F6CE64FDCF21159DD6ECEC5449121) (Version: 07/30/2015 1.0.0.6 - Kionix)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.591 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4294006291-3268964387-4160186193-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\axioo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1520FF60-C188-4467-BB74-D410F220E326} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-01-30] ()
Task: {3C7F824F-12D2-4D93-BD71-389BA80CD543} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files\Common Files\InstallShield\Update\ISUSPM.exe [2017-01-18] (InstallShield®)
Task: {93E3C633-BC18-4B11-8DB7-F1CD82395AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {A838CE2E-1147-4532-B4A2-8E33135979AF} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
Task: {B070BF4E-F288-43D7-B524-0411E9239310} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 12:44 - 2015-10-30 12:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-20 07:01 - 2015-07-16 20:40 - 00147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2017-01-31 08:42 - 2017-01-25 13:56 - 01870168 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libglesv2.dll
2017-01-31 08:42 - 2017-01-25 13:56 - 00085848 _____ () D:\Program Files\Google\Chrome\Application\56.0.2924.76\libegl.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 01859448 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-31 10:56 - 2017-01-31 10:56 - 00129392 _____ () D:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02365952 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-26 10:47 - 2016-01-26 10:47 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 12:45 - 2015-10-30 12:45 - 00164224 _____ () c:\windows\system32\WerEtw.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 12:48 - 2015-10-30 12:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4294006291-3268964387-4160186193-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\OEMBackground.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{BA359AF1-E542-4C45-A433-B7B2762D2A3A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFA29102-4425-43DB-8542-EA7E038A21B2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF79700D-F0AD-4A92-B112-02D80B70B995}] => D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{118A8F0A-E81E-452B-B105-91A06A5321C2}] => D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{193BCBEB-B5C7-4A2B-B080-E8D42B653622}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{433E17CF-3B95-419F-8343-5293DDA3AF37}] => D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CECB334B-2BA0-4F01-A156-C9004C4DDF23}] => D:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
29-01-2017 23:33:51 help me ahhhh
31-01-2017 09:08:17 Installed SharpKeys
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2017 02:04:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:04:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:03:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:03:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:03:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 29.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: a0c
 
Start Time: 01d27b9007a40829
 
Termination Time: 27
 
Application Path: C:\Users\axioo\Desktop\FRST.exe
 
Report Id: 4f8e9bbd-e783-11e6-a145-02005f553036
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/31/2017 02:02:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:02:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:01:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:01:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:18:27Z. Error Code: 0x80070002.
 
Error: (01/31/2017 02:00:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-03-02T05:17:57Z. Error Code: 0x80070002.
 
 
System errors:
=============
Error: (01/31/2017 12:16:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
Overlapped I/O operation is in progress.
 
Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/31/2017 12:16:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1f8b6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/31/2017 12:16:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (01/31/2017 11:37:31 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (01/31/2017 11:37:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
 
CodeIntegrity:
===================================
  Date: 2017-01-31 10:03:39.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-31 08:58:59.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-30 12:40:53.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 23:59:01.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 22:57:51.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 22:50:23.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 21:28:43.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-26 14:57:28.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-18 10:25:20.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-20 07:47:02.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU Z3735F @ 1.33GHz
Percentage of memory in use: 77%
Total physical RAM: 1985.14 MB
Available physical RAM: 443.48 MB
Total Virtual: 2689.14 MB
Available Virtual: 788.02 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:28.73 GB) (Free:16.88 GB) NTFS
Drive d: (Superdisk) (Removable) (Total:119.26 GB) (Free:84.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 28.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 119.3 GB) (Disk ID: 9E1247B5)
Partition 1: (Not Active) - (Size=119.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.
 

  • 1

#5
Supermatt01


Thanks, that didn't work. I still have a locked proxy server and my keyboard is still acting out, and when the system rebooted I saw an installer window pop up that was blank white and had an owl in the left corner. I don't know what it was or what it did.


  • 0

#6
RKinner


FRST says it couldn't find: ProxySettingsPerUser

under

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

though it saw it on a scan before the fix and again after we ran the fix.

Possibly a permission problem.

We can try again and have FRST unlock: the key first.

  • 1

#7
Supermatt01


Unlock what key?


  • 0

#8
Supermatt01


Okay, so far so good. It seems to have killed the loopback. I am still experiencing keyboard key map issues. When I rebooted I saw a popup that said one thing failed but it was quick and I forgot the way it was worded. Any advice on remapping my keyboard to fix it? I think that is what got me infected to start with. I was trying to find a tool to fix my malfunctioning keyboard.   


  • 0

#9
Supermatt01


Okay, I think that this issue has been solved. A friend of mine knew how to fix my keyboard issue and the proxy attack hasn't come back over multiple reboots. Thank you so much for your help. I am going to post a review of this experience on my Facebook page. :-) 


  • 0

#10
RKinner


There was a registry entry, sometimes called a key:

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)

The permissions on it had been changed. When I used the UNLOCK: command on it, FRST took ownership of the key and changed the permissions to allow Full Control so that it was able to remove the key.

We can look to see what is going on at boot if you like:

1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application. (Each time you run VEW it overwrites the log, so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0
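The two entries FRST marked ATTENTION in this thread (the scheduled task that runs an `.ini` file through Wscript as JScript, and the `ProxySettingsPerUser` policy value) can be picked out of a log mechanically. The following is an added example, not part of the thread and not FRST's own logic: the function names and heuristics are assumptions, the log lines are copied from the posts above, and the one line marked constructed is made up for contrast.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Extensions Windows Script Host normally associates with an engine by itself.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
POLICY_KEY = r"hklm\software\policies\microsoft\windows\currentversion\internet settings"

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<cmd>.+)$")
VALUE_RE = re.compile(r"^(?P<key>HK[A-Z]+\\.+?): \[(?P<name>[^\]]+)\] (?P<data>\S+)")
MARKER_RE = re.compile(r"\s*<=+ ATTENTION.*$")  # FRST's own annotation, ignored here

# Lines 1, 2 and 4 are taken from the logs in this thread; line 3 is constructed.
SAMPLE = r"""
Task: {93E3C633-BC18-4B11-8DB7-F1CD82395AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.)
Task: {A838CE2E-1147-4532-B4A2-8E33135979AF} - System32\Tasks\Optimize Thumbnail Cache Files => Wscript.exe //nologo //E:jscript //B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleInventory => cscript.exe //nologo //E:vbscript C:\Scripts\inventory.vbs
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
"""


def check_task(task, cmd):
    """Flag a script host that is told which engine to use on a non-script file."""
    tokens = cmd.split()
    if not tokens or PureWindowsPath(tokens[0]).name.lower() not in SCRIPT_HOSTS:
        return None
    # Script-host options start with //; whatever remains is the file to run.
    options = [t.lower() for t in tokens[1:] if t.startswith("//")]
    target = " ".join(t for t in tokens[1:] if not t.startswith("//"))
    engine = next((o[4:] for o in options if o.startswith("//e:")), None)
    ext = PureWindowsPath(target).suffix.lower()
    if engine and ext not in SCRIPT_EXTS:
        reason = f"{engine} engine forced onto '{ext or 'no extension'}' file"
        if "//b" in options:
            reason += ", batch mode hides errors and prompts"
        return {"kind": "task", "subject": task, "target": target, "reason": reason}
    return None


def check_policy(key, name, data):
    """Flag the machine-wide proxy policy discussed in the thread."""
    if key.lower() == POLICY_KEY and name == "ProxySettingsPerUser" and data == "0":
        return {"kind": "policy", "subject": f"{key}: [{name}]", "target": data,
                "reason": "proxy settings applied per machine, not per user"}
    return None


def triage(log_text):
    """Return findings, in log order, for FRST-style task and registry lines."""
    findings = []
    for raw in log_text.splitlines():
        line = MARKER_RE.sub("", raw.strip())
        m = TASK_RE.match(line)
        if m:
            hit = check_task(m["task"], m["cmd"])
        else:
            m = VALUE_RE.match(line)
            hit = check_policy(m["key"], m["name"], m["data"]) if m else None
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['kind']}] {f['subject']} -> {f['target']}: {f['reason']}")
```

The check works from the line content, not from FRST's ATTENTION marker, so it still fires on logs where the marker is missing.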





