Virus turning off safety tools (Malwarebytes Real-Time Protection)!



#1
MattMMM


Hello

 

I have recently updated my anti-virus Avast Free and Malwarebytes programs. Avast also prompted me to update programs that were out of date (Mozilla, WinRAR, Flash, Adobe, ...) and I did.

 

Malwarebytes was upgraded to a 30-day premium trial (with real-time protection). Soon after, it started throwing warning messages; it intercepted some outgoing stuff (can't remember exactly what it said) every few minutes.

 

I scanned everything both with Avast and Malwarebytes. Found nothing.

 

Following various sites & forums, I first downloaded TDSSKiller and ran it. It found a single issue with secdrv.sys (System32/drivers/secdrv.sys). It only marked it as medium dangerous. As it's a system file, I did not delete it.

 

I then downloaded Norton Power Eraser and HitmanPro and ran them... Norton found some simple stuff (mostly cookies) as problematic. I followed its recommended settings (making sure I don't delete something vital) and deleted and completed scans.

 

I ran all of these programs multiple times.

 

The Malwarebytes warning messages went away for a while. When I woke up this morning I got a message from Malwarebytes that my real-time web protection is off. As I try to turn it on, it turns off on its own right away. This virus is turning off my safety features.

 

QUESTION: Should I keep my computer on Shut down or Sleep whilst waiting for a reply? Or can I continue to use it? I don't want the infection to spread.

 

PERHAPS UNRELATED:

I have a bad motherboard (fixed before), so the laptop often runs at 100% CPU and sometimes throws a blue screen of death. The high CPU is very apparent when using Chrome and Mozilla. Might be my hardware, might be the virus running something in the background... idk.

 

Thank you for taking the time to look into this.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2017
Ran by Mathew (administrator) on MATHEW-PC (21-11-2017 13:46:20)
Running from C:\Users\Mathew\Desktop
Loaded Profiles: Mathew (Available Profiles: Mathew)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\SimracewayUpdater\SRWUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-18] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-05-05] (Logitech Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2247568 2013-01-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5422432 2014-05-13] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7772704 2009-10-02] (Realtek Semiconductor)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3111712 2017-11-17] (Valve Corporation)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4110992 2014-04-27] (Speedbit Ltd.)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\MountPoints2: {cfc95b6d-a835-11e5-ad7b-c89ac6531659} - I:\LaunchU3.exe -a
BootExecute: autocheck autochk * sdnclean.exebootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{D2D5868A-4340-4853-8DD5-C36310836696}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D2D5868A-4340-4853-8DD5-C36310836696}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.si/?gws_rd=cr,ssl&ei=QJs_VNL-KqTnygOQj4DoCA
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-18] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 [2017-11-21]
FF Homepage: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> about:newtab
FF Keyword.URL: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (Avast SafePrice) - C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\Extensions\[email protected] [2017-10-15]
FF Extension: (Avast Online Security) - C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\Extensions\[email protected] [2017-11-11]
FF SearchPlugin: C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\searchplugins\google-avast.xml [2017-02-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1990737404-2085512467-1734709770-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mathew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.entru.com/?s=21983
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default [2017-11-21]
CHR Extension: (Docs) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Avast Online Security) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-15]
CHR Extension: (You've Got Gmail) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\malfeooooleemdfajjpighcjgnbmmbam [2014-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
CHR Profile: C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-21]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - D:\Program Files\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2014-06-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files\SearchPredict\Chrome\SearchPredictChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-18] (AVAST Software)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-18] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-14] ()
R2 Simraceway Update Service; C:\Program Files\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-15] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [157176 2017-11-18] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255616 2017-11-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157408 2017-11-18] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276728 2017-11-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50376 2017-11-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42848 2017-11-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124952 2017-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99560 2017-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70864 2017-11-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783136 2017-11-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388760 2017-11-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [150848 2017-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [298360 2017-11-18] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3237888 2013-11-01] (Qualcomm Atheros Communications, Inc.)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows ® Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-25] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [296336 2013-01-03] (ELAN Microelectronics Corp.)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [144736 2014-05-13] (Sentelic Corporation)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167352 2017-11-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-11-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-11-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-21] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11968 2000-07-24] () [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761024 2010-09-07] (Sonix Technology Co., Ltd.)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S1 EterlogicVirtualSerialDriver; \??\C:\Users\Mathew\AppData\Local\Temp\VSPE.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 13:46 - 2017-11-21 13:51 - 000019395 _____ C:\Users\Mathew\Desktop\FRST.txt
2017-11-21 13:46 - 2017-11-21 13:46 - 000000000 ____D C:\FRST
2017-11-21 13:45 - 2017-11-21 13:45 - 001787904 _____ (Farbar) C:\Users\Mathew\Desktop\FRST.exe
2017-11-21 13:40 - 2017-11-21 13:40 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-21 12:33 - 2017-11-21 12:40 - 000229830 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_12.33.00_log.txt
2017-11-21 03:54 - 2017-11-21 03:56 - 000233460 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_03.54.32_log.txt
2017-11-21 03:52 - 2017-11-21 03:52 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-11-21 03:52 - 2017-11-21 03:52 - 000000780 _____ C:\Windows\system32\bootdelete.lst
2017-11-21 03:30 - 2017-11-21 03:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-21 03:30 - 2017-11-21 03:30 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-21 03:29 - 2017-11-21 03:29 - 011007936 _____ (SurfRight B.V.) C:\Users\Mathew\Desktop\hitmanpro.exe
2017-11-21 03:21 - 2017-11-21 03:25 - 000233626 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_03.21.58_log.txt
2017-11-21 03:19 - 2017-11-21 03:19 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-21 03:17 - 2017-11-21 03:17 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-21 03:00 - 2017-11-21 03:25 - 000000000 ____D C:\Users\Mathew\AppData\Local\NPE
2017-11-21 03:00 - 2017-11-21 03:00 - 000000000 ____D C:\ProgramData\Norton
2017-11-21 02:58 - 2017-11-21 02:59 - 003422944 _____ (Symantec Corporation) C:\Users\Mathew\Desktop\NPE.exe
2017-11-21 02:19 - 2017-11-21 02:59 - 000231826 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_02.19.03_log.txt
2017-11-21 01:35 - 2017-11-21 02:13 - 000460978 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_01.35.42_log.txt
2017-11-20 21:50 - 2017-11-20 21:50 - 000000000 ____D C:\Users\Mathew\AppData\Local\AVAST Software
2017-11-20 21:45 - 2017-11-20 21:45 - 000002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-11-20 21:45 - 2017-11-20 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-11-20 21:25 - 2017-11-20 21:30 - 000985390 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_21.25.33_log.txt
2017-11-20 21:09 - 2017-11-20 21:21 - 000230872 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_21.09.00_log.txt
2017-11-20 20:41 - 2017-11-20 21:08 - 000456586 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_20.41.46_log.txt
2017-11-20 20:41 - 2017-11-20 20:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Mathew\Desktop\tdsskiller.exe
2017-11-20 20:37 - 2017-11-20 20:37 - 003227608 _____ C:\Users\Mathew\Downloads\Unconfirmed 25082.crdownload
2017-11-20 20:32 - 2017-11-20 20:32 - 004551260 _____ C:\Users\Mathew\Downloads\Unconfirmed 376312.crdownload
2017-11-20 20:31 - 2017-11-20 20:31 - 003084203 _____ C:\Users\Mathew\Downloads\Unconfirmed 286259.crdownload
2017-11-19 02:45 - 2017-11-21 03:17 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-19 02:45 - 2017-11-21 03:17 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-19 02:45 - 2017-11-19 02:45 - 000167352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-19 02:45 - 2017-11-19 02:45 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-19 02:45 - 2017-11-19 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-19 02:44 - 2017-11-19 02:44 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-19 02:44 - 2017-11-19 02:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 02:44 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-11-19 02:42 - 2017-11-19 02:42 - 000000000 ____D C:\Program Files\Common Files\Java
2017-11-19 02:26 - 2017-11-18 02:21 - 000305328 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-19 02:22 - 2017-11-19 02:22 - 007176464 _____ (AVAST Software) C:\Users\Mathew\Downloads\avast_free_antivirus_setup_online.exe
2017-11-19 02:18 - 2017-11-19 02:18 - 008893232 _____ (AVAST Software) C:\Users\Mathew\Downloads\Unconfirmed 106996.crdownload
2017-11-19 02:14 - 2017-11-18 02:22 - 000157176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-15 12:11 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 12:11 - 2017-10-18 02:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 12:11 - 2017-10-16 23:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 12:11 - 2017-10-16 23:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 12:11 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 12:11 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 12:11 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 12:11 - 2017-10-14 08:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 12:11 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 12:11 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 12:11 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 12:11 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 12:11 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 12:11 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 12:11 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 12:11 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 12:11 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 12:11 - 2017-10-14 07:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 12:11 - 2017-10-14 07:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 12:11 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 12:11 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 12:11 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 12:11 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 12:11 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 12:11 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 12:11 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 12:11 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 12:11 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 12:11 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 12:11 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 12:11 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 12:11 - 2017-10-14 07:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 12:11 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 12:11 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 12:11 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 12:11 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 12:11 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 12:11 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 12:11 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 12:11 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 12:11 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 12:11 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 12:11 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 12:11 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 12:11 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 12:11 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 12:11 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 12:11 - 2017-10-12 01:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 12:11 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-12 15:03 - 2017-11-12 15:04 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Mathew\Downloads\flashplayer27_xa_install.exe
2017-11-10 21:29 - 2017-11-10 21:30 - 014158948 _____ C:\Users\Mathew\Downloads\2014 CRF Enduro.saf
2017-11-06 13:16 - 2017-11-06 13:16 - 000000000 ____D C:\Program Files\Motocross The Force 9XX
2017-11-06 13:15 - 2017-11-06 13:16 - 016862444 _____ C:\Users\Mathew\Downloads\MotocrossTheForce964Setup.exe
2017-11-06 00:52 - 2017-11-06 00:52 - 000453832 _____ C:\Windows\Minidump\110617-25724-01.dmp
2017-10-30 13:14 - 2017-10-30 13:14 - 001060179 _____ C:\Users\Mathew\Downloads\grand-theft-auto-vice-city-v10-english-no-cdfixed-exe-passwd-lonebullet.7z
2017-10-30 12:55 - 2017-10-30 12:55 - 000232689 _____ C:\Users\Mathew\Downloads\1505777222_First Person View Mod For Vice City.rar
2017-10-30 12:55 - 2017-10-30 12:55 - 000232689 _____ C:\Users\Mathew\Downloads\1505777222_First Person View Mod For Vice City (1).rar
2017-10-30 12:54 - 2017-10-30 12:55 - 016062857 _____ C:\Users\Mathew\Downloads\1508063391_VC Remastered 2.0.zip
2017-10-29 21:12 - 2017-10-30 13:04 - 000000000 ____D C:\Users\Mathew\Documents\GTA Vice City User Files
2017-10-29 19:05 - 2017-10-29 19:05 - 000000215 _____ C:\Users\Mathew\Desktop\Grand Theft Auto Vice City.url
2017-10-23 18:23 - 2017-10-23 18:40 - 000000098 _____ C:\Users\Mathew\Desktop\PC specs.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-21 13:50 - 2009-07-14 05:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-21 13:50 - 2009-07-14 05:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-21 03:19 - 2016-10-08 00:32 - 000000000 ____D C:\Program Files\Steam
2017-11-21 03:17 - 2014-08-07 14:39 - 000000348 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2017-11-21 03:16 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-21 01:36 - 2017-09-04 14:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-21 01:36 - 2016-06-10 16:42 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Mozilla
2017-11-20 22:00 - 2016-10-09 12:32 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Octoshape
2017-11-20 21:47 - 2014-11-03 23:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-20 21:47 - 2014-11-03 23:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-20 21:47 - 2014-11-03 23:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-20 21:45 - 2017-05-18 21:31 - 000000000 ____D C:\ProgramData\Foxit Software
2017-11-19 02:44 - 2014-04-24 20:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-19 02:44 - 2014-04-24 20:08 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-11-19 02:42 - 2014-09-01 10:32 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-11-19 02:42 - 2014-09-01 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-19 02:41 - 2014-09-01 10:32 - 000000000 ____D C:\Program Files\Java
2017-11-19 02:27 - 2015-06-29 14:17 - 000002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-19 02:27 - 2014-04-24 14:05 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-19 02:26 - 2014-04-24 14:08 - 000388760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-19 02:17 - 2017-08-13 21:32 - 000000000 _____ C:\Windows\system32\last.dump
2017-11-18 02:22 - 2014-04-24 14:08 - 000298360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000150848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000042848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000276728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000255616 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000157408 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000050376 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-11-18 02:21 - 2014-04-24 14:08 - 000783136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-16 15:00 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2017-11-16 12:37 - 2009-07-14 05:33 - 000444336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 00:21 - 2014-04-24 14:10 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 12:43 - 2016-10-08 00:32 - 000000000 ____D C:\Program Files\Common Files\Steam
2017-11-13 19:06 - 2017-08-10 18:52 - 000000000 ____D C:\Users\Mathew\AppData\Local\CrashDumps
2017-11-12 15:05 - 2014-11-03 23:03 - 000000000 ____D C:\Users\Mathew\AppData\Local\Adobe
2017-11-10 21:54 - 2015-01-07 17:10 - 000000000 ____D C:\Users\Mathew\AppData\Local\MX Simulator
2017-11-10 21:52 - 2015-01-07 17:02 - 000000000 ____D C:\Program Files\Mx simulator
2017-11-08 21:11 - 2016-11-16 20:35 - 000000000 ____D C:\Users\Mathew\AppData\LocalLow\Mozilla
2017-11-07 18:49 - 2016-11-13 19:08 - 000039410 _____ C:\Users\Mathew\Desktop\Next Arma suggestion.txt
2017-11-06 00:52 - 2014-07-03 21:55 - 000000000 ____D C:\Windows\Minidump
2017-11-06 00:51 - 2016-06-10 16:41 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-05 09:49 - 2014-04-25 18:56 - 000000000 ____D C:\Users\Mathew\AppData\Local\NVIDIA
2017-11-04 08:23 - 2014-04-25 18:57 - 000000000 ____D C:\Users\Mathew\AppData\Local\NVIDIA Corporation
2017-11-04 08:23 - 2014-04-25 18:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-04 08:23 - 2014-04-25 18:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-03 14:29 - 2010-11-20 22:01 - 000778834 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-03 14:29 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-10-29 21:11 - 2014-04-29 11:29 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-10-22 20:34 - 2014-09-03 16:04 - 000002394 _____ C:\Users\Mathew\Desktop\MOVIES.txt

==================== Files in the root of some directories =======

2015-11-14 10:12 - 2015-11-14 10:12 - 000138576 _____ () C:\Users\Mathew\AppData\Roaming\PnkBstrK.sys
2014-06-12 16:08 - 2014-06-12 16:13 - 000003584 _____ () C:\Users\Mathew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 18:34 - 2017-02-11 13:39 - 000007669 _____ () C:\Users\Mathew\AppData\Local\resmon.resmoncfg
2016-02-11 21:56 - 2016-02-11 21:56 - 000000000 _____ () C:\Users\Mathew\AppData\Local\{82A76771-8F6F-42F6-A934-737C31A590CE}

Some files in TEMP:
====================
2017-11-20 21:44 - 2017-08-21 17:01 - 003700288 _____ (Foxit Corporation) C:\Users\Mathew\AppData\Local\Temp\FoxitUpdater.exe
2017-11-14 12:36 - 2017-11-14 12:36 - 000000000 _____ () C:\Users\Mathew\AppData\Local\Temp\{810D1997-C0A5-4BF7-AFE3-D3734A2DAD57}-GoogleUpdateSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-19 18:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by Mathew (21-11-2017 13:52:20)
Running from C:\Users\Mathew\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-04-24 12:55:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1990737404-2085512467-1734709770-500 - Administrator - Disabled)
Guest (S-1-5-21-1990737404-2085512467-1734709770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1990737404-2085512467-1734709770-1002 - Limited - Enabled)
Mathew (S-1-5-21-1990737404-2085512467-1734709770-1001 - Administrator - Enabled) => C:\Users\Mathew

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
1 (HKLM\...\MOTORM4X Offroad Extreme_is1) (Version:  - )
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0015-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0016-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0018-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0019-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001A-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001B-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-041A-0000-0000000FF1CE}_PROPLUS_{C9CC66D9-D7D3-46C1-A485-9601E4DE8D28}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0424-0000-0000000FF1CE}_PROPLUS_{6E8DFF8D-F7D1-4451-952A-61CAB73A59E2}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0044-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-006E-0424-0000-0000000FF1CE}_PROPLUS_{5983F0B6-A661-4378-AEA8-9EB1992D2FB0}) (Version:  - Microsoft) Hidden
3D Route Builder (HKLM\...\{22EA8886-788F-449C-9ADE-417F41E9C954}) (Version: 7.3.9 - Hybrid GeoTools)
3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)
7-Zip 16.04 (HKLM\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Armed Assault Türkiye Mod Paketi (HKLM\...\Armed Assault Türkiye Mod Paketiv1.0) (Version: v1.0 - Armed Assault Türkiye)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
B375 Peugeot 206 1.00 (HKLM\...\B375 Peugeot 206 1.00) (Version:  - )
Bathurst v1.5 (2010 V8SC) (HKLM\...\{DDD54BB5-416B-41AE-A67A-F7BAC01C6CA1}_is1) (Version: v1.5 - Team ORSM)
BobsTrackBuilder (HKLM\...\{ECDF8120-703D-4A96-B36C-A565419B3900}) (Version: 1.0.0 - Bobs Track Builder)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.66.1075 - AB Team, d.o.o.)
CBR Reader (HKLM\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
Cities XL Platinum (HKLM\...\Cities XL Platinum_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
D.O.D. Map Pack v1.2 (HKLM\...\D.O.D. Map Pack v1.2) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deus Ex - Game of the Year Edition (HKLM\...\Deus Ex - Game of the Year Edition_is1) (Version:  - GOG.com)
Disney's Simba's Pride GameBreak (HKLM\...\Simba's Pride GameBreak) (Version:  - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Electronic Arts Game Updater (HKLM\...\Electronic Arts Game Updater) (Version:  - )
ETDWare PS/2-X86 11.5.6.6_WHQL (HKLM\...\Elantech) (Version: 11.5.6.6 - ELAN Microelectronic Corp.)
Façade (HKLM\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fender FUSE (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\4051934814.fuse.fender.com) (Version:  - fuse.fender.com)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.7.1 - Sentelic)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
Freelancer (HKLM\...\Freelancer 1.0) (Version:  - )
Game Copa Petrobras de Marcas version 1.02 (HKLM\...\{A5075C60-242E-432B-B935-31C90D127DA9}}_is1) (Version: 1.02 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Installer (HKLM\...\{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Logitech Gaming Software 5.09 (HKLM\...\{4EDD761B-5253-4CD1-A309-9DFEE960E344}) (Version: 5.09.131 - Logitech)
Mafia II (HKLM\...\Mafia II_is1) (Version:  - R.G. Mechanics, DANTE2050)
Mafia The City of Lost Heaven version 1.0.0.1 (HKLM\...\Mafia The City of Lost Heaven_is1) (Version: 1.0.0.1 - KNIGHT)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Midtown Madness 2 (HKLM\...\Midtown Madness 2.0) (Version:  - )
Microsoft Midtown Madness 2 Trial (HKLM\...\Midtown Madness 2.0 Trial) (Version:  - )
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Minecraft1.8 (HKLM\...\Minecraft1.8) (Version:  - )
Motocross The Force (remove only) (HKLM\...\Motocross The Force) (Version:  - )
Mount&Blade Warband (HKLM\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 57.0 (x86 sl) (HKLM\...\Mozilla Firefox 57.0 (x86 sl)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
muvee Reveal 11 (HKLM\...\{92150CEE-F017-9FF5-17C4-B1CEB1048A3D}) (Version: 11.0.0.26762 - muvee Technologies Pte Ltd)
muvee Reveal Runtime (HKLM\...\{89018418-6136-4BA8-BAF9-FC0D3C4D4DDA}) (Version: 11.0.0.26762 - muvee Technologies Pte Ltd)
Mx simulator version 1 (HKLM\...\{E7D1E14C-153A-4EBF-8F20-616EB8B45CDF}_is1) (Version: 1 - Josh Vanderhoof)
Need for Speed - Hot Pursuit 2 (HKLM\...\Need for Speed - Hot Pursuit 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Need For Speed - Porsche 2000 (HKLM\...\Need For Speed - Porsche 2000) (Version:  - )
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Operation Flashpoint 1.96 Multi Serial Edition (HKLM\...\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}) (Version: 1.20 - GanjaBlood)
ParaflySim 3D Simulator BETA Demo (HKLM\...\{747E9E45-921F-4A99-BAB8-298F96F63A81}) (Version: 1.0.0 - RealSimSoft)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
Posodobitev za Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0424-0000-0000000FF1CE}_PROPLUS_{FD705E62-13B4-4BF5-A4B2-A7599309751B}) (Version:  - Microsoft)
Posodobitev za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0424-0000-0000000FF1CE}_PROPLUS_{045DC059-1CCC-47B9-BA35-713E269D33B8}) (Version:  - Microsoft)
Posodobitev za Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0424-0000-0000000FF1CE}_PROPLUS_{AD1C31E7-4856-4887-9307-1ABDE0F2DF7C}) (Version:  - Microsoft)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Raven Shield 2.0 English (HKLM\...\Raven_0) (Version:  - KetsuCorp Enterprises)
Real Lives 2010 (HKLM\...\Real Lives 2010) (Version: 10.0.0.13 - Educational Simulations)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM\...\S.T.A.L.K.E.R - Shadow of Chernobyl_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Screamer 4x4 (HKLM\...\Screamer 4x4) (Version:  - )
SeeYou Version 3.1 (HKLM\...\SeeYou_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Pirates! (HKLM\...\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Pirates! (HKLM\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games)
Simraceway 28.92 (HKLM\...\Simraceway) (Version: 28.92 - Simraceway)
SpeedBit Video Downloader (HKLM\...\SPEEDbit Video Downloader) (Version: 1155(build_502) - SPEEDbit Ltd.)
Splinter Cell Chaos Theory version 1.0.5 (HKLM\...\Splinter Cell Chaos Theory_is1) (Version: 1.0.5 - Ubisoft)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 3 - Tactical Game of The Year Edition (HKLM\...\SWAT 3 - Tactical Game of The Year Edition_is1) (Version:  - GOG.com)
SWAT 4 - The Stetchkov Syndicate (HKLM\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM\...\{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.) Hidden
SWAT 4 (HKLM\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia (HKLM\...\Syberia_is1) (Version:  - GOG.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\{B35DBBD7-B42E-494A-8913-431A2E448131}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{CF2519AE-18CA-49DD-B590-11C08AC216F4}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Terror Strike (HKLM\...\{11B3D22F-AAAA-4A52-99A5-A2966CE640EA}) (Version:  - Encore)
TGZ TDM Map Pack 1 (HKLM\...\TGZ TDM Map Pack 1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb976884) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FB60F280-C70F-4174-BADB-471412AA42F0}) (Version:  - Microsoft)
USB 2.0 2.0M UVC WebCam (HKLM\...\USB 2.0 2.0M UVC WebCam) (Version:  - )
UserTesting (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Mathew\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C89291-F0F3-4587-819A-00D525056BF7} - System32\Tasks\{5526E1A7-8AD9-45E2-91BB-82A5C906A6B0} => C:\Windows\system32\pcalua.exe -a "E:\see you\wcusetup.exe" -d "E:\see you"
Task: {01D14CA3-FAE7-43B1-9708-30E499CD40EC} - System32\Tasks\{807C03D6-2F4A-480C-8CA0-AC8198EF4933} => C:\Windows\system32\pcalua.exe -a "E:\see you\pcusetup.exe" -d "E:\see you"
Task: {080AC514-22EA-4C5B-87D0-B80234D42AC2} - System32\Tasks\{41C75AC0-628D-40B9-B03B-52FD7A3BC093} => C:\Program Files\Bohemia Interactive\ArmA\arma.exe
Task: {0C27DD63-45C9-4CF0-A132-DE73B8B3FCD4} - System32\Tasks\{1BEDF4F3-0FD7-4162-B440-A8A0C51A06B7} => C:\Windows\system32\pcalua.exe -a C:\Users\Mathew\Desktop\SWAT4XSRIInstaller_19122013_2156_F4.exe -d C:\Users\Mathew\Desktop
Task: {1584D162-1732-4EF3-AD97-D8245790B77D} - System32\Tasks\ATKOSD2 => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {16F12432-5798-4DA7-84C4-7FCA1B65EFE5} - System32\Tasks\{A7AC577A-51DA-4319-8472-6C6E3788E20D} => D:\Pcx2\pcsx2-r5875.exe
Task: {1EB39D68-559E-42D9-B9E9-BD6C9BFFBFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {206BCD4C-651B-438F-907F-849113E4B96E} - System32\Tasks\{90973D2C-DC55-4F62-9FB1-2EB0A8B0E2AD} => D:\Program Files\Red Storm Entertainment\RavenShield\RavenShield.exe [2004-11-07] ()
Task: {2573EEA7-13AC-4119-B896-6BB95E462357} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-18] (AVAST Software)
Task: {3100433B-1060-4ED7-A67D-6FD456585ABE} - System32\Tasks\{361B90C5-B454-46B9-9BC1-DF0908C9A02F} => D:\Program Files\Red Storm Entertainment\RavenShield\RavenShield.exe [2004-11-07] ()
Task: {491B71A8-92C8-468D-9BB0-07AFE9BC02F6} - System32\Tasks\{AA3C8F08-07F5-4DDB-95D2-2C01716546E5} => C:\Windows\system32\pcalua.exe -a "E:\see you\alps_cit.exe" -d "E:\see you"
Task: {50155067-7FB4-4DB8-9E90-292111043CE8} - System32\Tasks\{E7987ECD-059F-4B3D-A0EC-4D7895256A97} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mathew\Downloads\RAINBOW SIX\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword\athena_sword_v1.00_to_v1.10_us.exe" -d "C:\Users\Mathew\Downloads\RAINBOW SIX\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword"
Task: {592D3C7E-7AA5-401E-8164-EA6600C9AD7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-20] (Adobe Systems Incorporated)
Task: {6BFA1515-C906-4422-88C2-19CC09E88219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {807F4D55-974D-4667-8FFF-A6485F846FDF} - System32\Tasks\{A71E74B9-400F-4BE5-A127-4B5185F0FEF0} => D:\Pcx2\pcsx2-r5875.exe
Task: {82E4CF9C-6A95-4954-8826-9EA52EEBA155} - System32\Tasks\{11F4B189-75CF-4F2B-BDBD-216595340620} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Mount&Blade Warband\Modules\TLD\.exe" -d "D:\Program Files\Mount&Blade Warband\Modules\TLD"
Task: {983E5AE6-EEC6-4512-B67D-83B7D0F10CF8} - System32\Tasks\{57A9B9E8-C773-4996-ABEE-5B977EBA7B16} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Games\Midtown Madness 2\mm1xppat.EXE" -d "C:\Program Files\Microsoft Games\Midtown Madness 2"
Task: {9B05C977-B011-4FA5-B9C9-13DEE669E250} - System32\Tasks\{E5957E5B-AC2B-437B-913F-460F192E5217} => C:\Program Files\Bohemia Interactive\ArmA\arma.exe
Task: {A11990F2-7550-44A3-BE36-94FC642FE894} - System32\Tasks\{8039A73C-C336-435D-ACB6-AB5FA97818FE} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Red Storm Entertainment\RavenShield\IronWrathSetup_US.exe" -d "D:\Program Files\Red Storm Entertainment\RavenShield"
Task: {A492C135-2A02-4F09-8EFB-AA0CBE98A3D3} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {A54C47BF-5C6E-447A-9B9C-A823C7428DD2} - System32\Tasks\{CFB91BDE-3F0A-4327-9F92-8F1BBBBF71E3} => D:\Pcx2\pcsx2-r5875.exe
Task: {A598B1E6-1776-42ED-88BE-C203D7E47032} - System32\Tasks\{D7A9FAF8-E8C1-4E15-8C78-2CC37A894333} => C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {AC2271E5-FF2D-4B43-A418-AA3BEDA37F99} - System32\Tasks\{7295C6F3-157E-4264-B0A2-C3FE9D7D9327} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {ACA9AC95-D2BD-4AC4-832D-0466CB7DE555} - System32\Tasks\{977D0F07-3C67-4770-98B5-D27CA70317BE} => C:\Windows\system32\pcalua.exe -a "F:\See You\zemljevidi\see you\italy_cit.exe" -d "F:\See You\zemljevidi\see you"
Task: {AE63424B-4E30-4050-99C5-78FEA931C38A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B611825A-6748-4DCE-ACFA-8251CABD7830} - System32\Tasks\{DF220F30-33A2-4EE2-BEC8-701A7D6C4CB6} => C:\Users\Mathew\AppData\Local\VelvetSundown\VelvetSundown.exe
Task: {C99F2DCB-FD40-416D-98C0-1D93F3D74C5D} - System32\Tasks\{AEAB169B-AD88-440E-B016-747A08D43020} => C:\Windows\system32\pcalua.exe -a "E:\see you\alps_cit.exe" -d "E:\see you"
Task: {D8BBD54C-11B4-4757-84CB-E786CD1C0BF4} - System32\Tasks\{80086FA0-C125-4351-8297-5A1E05BCB3A0} => C:\Windows\system32\pcalua.exe -a "F:\See You\zemljevidi\see you\alps_e_cmr.exe" -d "F:\See You\zemljevidi\see you"
Task: {DB8CC00E-FFF5-4202-AD2C-2E9A10F98583} - System32\Tasks\{92A7044C-88C6-496C-8A6E-A7C9AAB9DE0B} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Red Storm Entertainment\RavenShield\system\Setup.exe" -d "D:\Program Files\Red Storm Entertainment\RavenShield\system"
Task: {EF89DD9B-D528-4659-B043-D6C494D503A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {F9E4DF57-CA79-4F17-BA40-127296F642C2} - System32\Tasks\{F78B9C97-3D06-442A-AF31-B4FC10D07AB0} => C:\Users\Mathew\AppData\Local\VelvetSundown\VelvetSundown.exe
Task: {FC3E0844-0D4C-474A-BAAD-BA59984AC6F4} - System32\Tasks\{902C7244-6053-4828-8207-DC7D2F14DAD1} => D:\Pcx2\pcsx2-r5875.exe
Task: {FF6BE837-4060-4578-B2C1-91E23E2DAB07} - System32\Tasks\{9CB8ACF6-B226-4629-96E3-D223F37194AB} => C:\Windows\system32\pcalua.exe -a "D:\see you\alps_cit.exe" -d "D:\see you"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Mathew\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) ==============

2014-04-25 18:53 - 2015-02-04 03:05 - 000106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-20 21:19 - 2017-11-20 21:19 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17112014\algo.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-11-21 12:16 - 2017-11-21 12:16 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17112100\algo.dll
2015-11-14 10:12 - 2015-11-14 10:12 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-11 22:04 - 2013-07-11 22:04 - 001630720 _____ () C:\Program Files\SimracewayUpdater\SRWUpdate.exe
2013-07-11 22:03 - 2013-07-11 22:03 - 000252832 _____ () C:\Program Files\SimracewayUpdater\PATCHW32.dll
2017-11-19 02:44 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2015-06-14 15:04 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2017-08-15 12:44 - 2017-08-15 12:44 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\.rdata:X [526]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [244]
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [132]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60543831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60543831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRW Download Manager.lnk => C:\Windows\pss\SRW Download Manager.lnk.CommonStartup
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4DD5E91C-5DF6-42E8-BE82-4CCD56A2A26A}] => (Allow) C:\Users\Mathew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{262F9DEA-19D9-452C-87CD-791016A91855}] => (Allow) C:\Users\Mathew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31C54D4B-5672-4DCB-8C45-9A87FE82F527}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4C071302-58D6-4E45-9576-550E8D61C6AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C4CBA154-ABF1-4CAB-976F-40CD3576C9A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{392E21F7-6031-460D-8CC4-D84F2D1F0C03}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [UDP Query User{CA1A5252-919E-42B7-BD7A-89514CD9972B}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [TCP Query User{3667509C-B9D9-453C-BC99-1DAD751AD833}D:\program files\red storm entertainment\ravenshield\ravenshield.exe] => (Block) D:\program files\red storm entertainment\ravenshield\ravenshield.exe
FirewallRules: [UDP Query User{D89534E5-9B63-434C-BE5F-B6AC3867CAD3}D:\program files\red storm entertainment\ravenshield\ravenshield.exe] => (Block) D:\program files\red storm entertainment\ravenshield\ravenshield.exe
FirewallRules: [{2518DBC8-F8C5-4A79-8525-7A34DA4D5822}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{F2F062B1-C20B-4BFD-B22C-7224D4EC260D}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{A6F73AB1-55B8-411F-B294-645A959B02F9}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{F8B5D939-309B-4082-BF45-6644DA1C0FFC}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{9A8471CC-973F-4157-8917-6F986156C161}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{92A99E4A-89A7-4BAD-BBEA-D6BF47F381DA}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{AE367BBC-29CB-4254-8263-75114D8A12EE}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{B7898FA4-38E7-4D24-A33F-540D3062C2A9}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [TCP Query User{9A68EAC7-542A-4E16-BD73-F99F0428CD32}D:\program files\operation flashpoint\flashpointresistance.exe] => (Allow) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [UDP Query User{D885F59C-B000-4F14-8D09-7604C12B9EB5}D:\program files\operation flashpoint\flashpointresistance.exe] => (Allow) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [{8BE31250-6D9A-4F18-83D7-D8473A9C28F7}] => (Block) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [{A0D5A1D9-905C-4AB3-B708-A85A31BAF929}] => (Block) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [TCP Query User{88FEB055-B353-409B-8DEF-6D3E699B9E15}D:\program files\rfactor\rfactor.exe] => (Allow) D:\program files\rfactor\rfactor.exe
FirewallRules: [UDP Query User{43C14CF6-9698-44B8-A42F-05C8EB764E5A}D:\program files\rfactor\rfactor.exe] => (Allow) D:\program files\rfactor\rfactor.exe
FirewallRules: [{379C16A1-81CD-4E85-AC96-A665ABF66443}] => (Block) D:\program files\rfactor\rfactor.exe
FirewallRules: [{04B88080-6829-48FC-A402-7A8CEC5A89B9}] => (Block) D:\program files\rfactor\rfactor.exe
FirewallRules: [{6265EEA4-33C9-4286-A905-ACFDEC0A6580}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{478FE079-0D9B-49FF-96D3-BFD0B85CA82E}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{A269DBC6-9061-4184-B4F8-F66AD27FB143}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{B8E78A08-50CF-49A7-8F43-3307DDA3098D}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{41A65162-1C5B-46C0-A77A-7101DC94C07F}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{38F40F2D-F141-45F6-8F8A-2295A93C0CE2}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{D272909C-5CDE-4AF1-AAA8-53FC9F414AF0}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{E6152171-877C-4111-B5E6-619201217474}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [TCP Query User{08B05F11-DC8C-43B8-BB12-AE52BEF2DF79}D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [UDP Query User{FA6D00AC-9818-4608-B7D0-F0793C8EB7DC}D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [TCP Query User{990FADB7-02DE-49BD-AFB3-F2B150EF7F35}C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe] => (Allow) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [UDP Query User{B618ED6D-84AA-46CE-9E4B-699634B72364}C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe] => (Allow) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{276AB34D-6B60-45F3-9CCE-103BCBA18DDC}] => (Block) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{8EF818FE-B96F-499B-838E-2727AC7D20A0}] => (Block) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{32B7B097-ECB1-40A7-96E4-B3D9B7A735D1}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{996B20A4-1CD6-4716-BB05-45EAB2DEFC59}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{01F8C205-D591-4624-8920-E8EEDAF98028}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{6C59BFD7-8345-4546-BDBD-3E97DFDF79F9}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{142835AE-4657-4BC2-9904-D8DAB2FC1024}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{29340537-89EC-414F-9F42-3C2EE7347A53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A36C2FBF-5D95-41A0-AF91-48D0D6F832F8}D:\igg-rimworld.alpha.14\rimworldwin.exe] => (Block) D:\igg-rimworld.alpha.14\rimworldwin.exe
FirewallRules: [UDP Query User{A45554D6-32B3-4B2C-9871-94A1AAF98875}D:\igg-rimworld.alpha.14\rimworldwin.exe] => (Block) D:\igg-rimworld.alpha.14\rimworldwin.exe
FirewallRules: [TCP Query User{758070AA-1711-4A93-BA77-B3503A4543C3}D:\program files\encore\terror strike\system\ts.exe] => (Block) D:\program files\encore\terror strike\system\ts.exe
FirewallRules: [UDP Query User{39C4A6FA-3BFF-4243-A69F-1DD0CB65BCCD}D:\program files\encore\terror strike\system\ts.exe] => (Block) D:\program files\encore\terror strike\system\ts.exe
FirewallRules: [{7FE63155-73AF-4D77-AE47-D7EFB9DD5583}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{5AAE7CC4-3D3F-4705-AED1-22D1DEA6D39D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{20116EF8-35DA-4FD9-BE81-D0E0AA8B5E04}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{0F38A0F5-EFFD-4855-8628-30EDABA32DBE}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{B1F3594D-5ADC-45EF-BE40-F694CCD0BA9A}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{E53E862A-6333-4725-A808-BEE19375272C}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{3F2634F8-737C-488C-9E72-93BA83D93EC0}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{93B3620E-0CAE-4E62-B692-7DA04B9B2331}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [TCP Query User{30E66A4A-8BD5-4B0D-B986-8D41F24EFB70}C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{A98CC43C-26E7-452C-B058-94D22D2E476A}C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{88E63957-D523-4878-9A2D-E1C82A53F96B}] => (Block) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{A4DEF5F5-43CD-44A4-9AE5-23213CD159BD}] => (Block) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{7E6D70BD-5ABA-4F1F-8691-E5B0EFCABC9D}] => (Allow) C:\Program Files\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{B5CE0A47-2C1A-42B1-BD12-AD5762F58139}] => (Allow) C:\Program Files\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{7ECAA8F3-BA09-4397-AEE4-EAFD9EAC2145}] => (Allow) C:\Program Files\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{5CE93207-7470-4808-8AA5-3DCBF2D1F8EA}] => (Allow) C:\Program Files\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{5871D4C7-11D5-4C1B-BF96-41A9432CFB6D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{142B7AFF-B90A-40DB-920B-F7FDCF2DC3B3}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A2598BEF-B0DF-4758-8BB2-AD76485D9037}] => (Allow) C:\Program Files\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{293026D5-41BA-462D-9962-9BEB38AEE06E}] => (Allow) C:\Program Files\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{EFBF68DF-53E9-40E2-96B8-40094A4DD358}] => (Allow) C:\Program Files\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{661CF132-31C9-4DD0-8C41-20DAD4803653}] => (Allow) C:\Program Files\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{6034DCC7-F960-46D5-8CCB-5A07CAB0940F}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{75FBD5BB-83FB-4A58-BE91-F0727CE6806A}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{ACED9187-0ADF-449E-804B-2452C6782B4F}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Another World\anowor.exe
FirewallRules: [{315AFAE8-8A9C-4A11-94C5-2F4AA13014A7}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Another World\anowor.exe
FirewallRules: [{F97DA682-43C1-4769-ADB2-E5731E146D63}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{E152EF10-4A70-45A8-85B1-9123AC9B97E7}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{DCDE74F4-F04E-4CB4-8A04-8A2E47E3C90B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1DD5BF34-14FC-4A31-A460-6A25152A324B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{641DC58E-45D7-4CA8-90EE-0B979EAA7AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{841A1A3B-1C59-4CC9-8FA1-2EF8C7235895}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC7DDEE9-850A-4C38-88B0-BEC35A8DCE2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BE42EA93-37BF-4EE9-8B37-7053D86AB6F8}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\tow.exe
FirewallRules: [{489A23C8-34AF-4CC5-AAA3-310EBE95F5AF}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\tow.exe
FirewallRules: [{4F411B8A-6168-4597-8664-8223FE164335}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{77D57FEF-98D8-410D-BF1B-BD55DEFF6396}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{51109AB5-E7B3-41A5-8FAC-468584CC140B}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{87CE4F46-BEA2-4EED-9C66-2EB863C9ADF4}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{26014F3B-FC79-443E-993C-A0AE3A10E1E3}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\Builder.exe
FirewallRules: [{D23492F7-5099-4B0F-9353-C7E8D9239C58}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\Builder.exe
FirewallRules: [{2ADB96CE-FCA7-41F0-AAA9-A648F9009D71}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\towsetup.exe
FirewallRules: [{3A19E02E-7A98-4B07-A8BD-010DCD06B5F2}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\towsetup.exe
FirewallRules: [{C1F6D369-02D5-410E-BA1D-2592787EE3B1}] => (Allow) C:\Program Files\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{D36A6836-05F8-4B27-BC5A-27E05A4DC31F}] => (Allow) C:\Program Files\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{F920886C-2B4F-495A-BA09-901F005D6EB7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Name: EterlogicVirtualSerialDriver
Description: EterlogicVirtualSerialDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: EterlogicVirtualSerialDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0146F9B8.64).  hr = 0x80070005, Access is denied.
.

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000050c,(null),0,REG_BINARY,0353F0C8.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e72413f5-22f3-41e8-8331-c3036670b73c}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000050c,(null),0,REG_BINARY,0353F0B4.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e72413f5-22f3-41e8-8331-c3036670b73c}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007e4,(null),0,REG_BINARY,010DEDF8.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {b60c6403-e015-49a5-9d9f-23a5f5b5d955}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007e4,(null),0,REG_BINARY,010DEDE4.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {b60c6403-e015-49a5-9d9f-23a5f5b5d955}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000db4,(null),0,REG_BINARY,0715ECB0.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {496171cf-6d47-43a0-8372-cfbbde522674}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,019BF118.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {bfd2c29d-10d0-4af2-b1dc-6b1cc14594fe}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,0106F208.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {127b9787-3ab8-4fd8-8158-afab059b07bf}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000db4,(null),0,REG_BINARY,0715EC9C.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {496171cf-6d47-43a0-8372-cfbbde522674}

Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,014FF898.64).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {51a2e8a4-ca15-4cff-aa61-a317877dbcb7}


System errors:
=============
Error: (11/21/2017 01:42:18 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D2D5868A-4340-4853-8DD5-C36310836696}.
The backup browser is stopping.

Error: (11/21/2017 01:40:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.

Error: (11/21/2017 01:39:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/21/2017 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/21/2017 01:39:45 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (11/21/2017 01:39:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.

Error: (11/21/2017 01:38:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/21/2017 01:38:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/21/2017 01:38:35 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (11/21/2017 12:41:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


CodeIntegrity:
===================================
  Date: 2017-08-14 17:29:37.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-14 17:29:37.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-13 22:34:06.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-13 22:30:47.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-13 22:30:47.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-13 20:40:49.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-13 20:40:49.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-10 12:34:46.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-10 12:31:53.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-08-10 12:31:53.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 53%
Total physical RAM: 3071.11 MB
Available physical RAM: 1433.56 MB
Total Virtual: 7677.44 MB
Available Virtual: 5810.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:20.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:139.28 GB) (Free:9.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 0



#2
RKinner

    Malware Expert

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow



Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. (Copy and paste the text from notepad or, if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 

 


  • 0

#3
MattMMM

    Member, Topic Starter

At the...

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

 

...part I just get an empty junk.txt file. No text.

I also got a "junk.txt file does not exist, would you like to create one?" the first time I ran those lines. I clicked yes.


  • 0

#4
MattMMM

    Member, Topic Starter

At the...

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

 

...

...part I get the "VEW has not been coded for your language" message as I hit RUN.


  • 0

#5
RKinner

    Malware Expert

SFC when it runs correctly should create entries in the cbs.log located at C:\windows\logs\cbs\cbs.log

 

This is a hidden system file so you need to tell Windows to let you see it:

 

Control Panel, (View By:  Large Icons)  Folder Options, View.

Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files, Folders and Drives.
OK

 

The file is always in use, so you first have to make a copy, which it will usually let you do, then look at the copy with notepad.

 

SFC entries in the log will have [SR] in each line which is what the findstr is looking for.  If it doesn't find them then it won't create \junk.txt.

 

The cbs.log file is too big for the forum.  You can upload it to one of the free file servers and give me the link.

 

It's possible the SFC did not run.  Was there an error message?  (If not in an elevated Command Prompt it won't run.  An elevated Command Prompt will have c:\Windows\System32> as the prompt.)

 

Since VEW doesn't like your language:

 

Try:  FullEventLogView v1.22

 

http://www.nirsoft.n...t_log_view.html

 

There are download links near the bottom of the page for 32 and 64 bit systems.

 

Once you download it right click and Extract All.  Double click on the FullEventLogView.exe file.  Once the program starts, click on Options, Advanced Options.  Uncheck Information, Verbose and Undefined.  OK.

Now press the Stop button.  Edit, Select all then File, Save Selected Items.  Give it a name and note where it saves the log.  You should be able to open it in notepad and copy and paste the text into a reply.  I don't think it really cares what language the logs are in.  The language options are mostly for the menus.


  • 0
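The [SR] extraction described in the post above, as an added PowerShell example that is not part of the original thread: it works on a copy of CBS.log because the live file is in use, filters on the literal text [SR], and writes and opens the same report file. The working folder, the file names and the 'Cannot repair' / 'Repairing' match strings are assumptions of this example.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell prompt.
$cbsLog  = Join-Path $env:windir 'Logs\CBS\CBS.log'   # log location named in the post
$workDir = Join-Path $env:TEMP 'sfc-review'           # hypothetical working folder
$copy    = Join-Path $workDir 'CBS-copy.log'          # hypothetical file name
$report  = Join-Path $workDir 'sfc-sr-lines.txt'      # hypothetical file name

if (-not (Test-Path $cbsLog)) {
    throw "CBS.log not found at $cbsLog"
}
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# The live log is normally held open, so read a copy instead of the original.
Copy-Item -Path $cbsLog -Destination $copy -Force

# -SimpleMatch makes "[SR]" literal text; as a regex it would be a character class.
$srLines = @(Select-String -Path $copy -Pattern '[SR]' -SimpleMatch |
             ForEach-Object { $_.Line })

if ($srLines.Count -eq 0) {
    # Nothing to report: SFC did not log a scan in this file
    # (not run, not elevated, or the log has rotated since the scan).
    Write-Warning "No [SR] lines in $cbsLog. No report file was written."
}
else {
    # Write and open the SAME path, so an empty or missing file cannot be opened by mistake.
    $srLines | Set-Content -Path $report -Encoding UTF8

    # Assumed wording of SFC result lines; adjust if your log phrases them differently.
    $cannotRepair = @($srLines | Where-Object { $_ -match 'Cannot repair' })
    $repaired     = @($srLines | Where-Object { $_ -match 'Repairing' })

    "{0} [SR] lines written to {1}" -f $srLines.Count, $report
    "{0} 'Cannot repair' lines, {1} 'Repairing' lines" -f $cannotRepair.Count, $repaired.Count

    # Show the lines that matter most first; the full set is in the report file.
    $cannotRepair | Select-Object -First 20

    notepad $report
}
```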

#6
MattMMM

    Member, Topic Starter

sfc scan ran 100% (with the c:\Windows\System32> prompt). After the scan, the message reads "Windows Resource Protection did not find any integrity violations".

 

Cbs.log file link http://www.mediafire...05oqlx8/CBS.log

 

FullEventLog: https://www.mediafir...lleventlogs.txt


  • 0

#7
MattMMM

    Member, Topic Starter

At the Get Process Explorer part:

 

I download the link procexp.exe, save on desktop, run as admin., but get the following error message "C:\Users\Mathew\Desktop\procexp.exe is not a valid Win32 application"


  • 0

#8
MattMMM

    Member, Topic Starter

Never mind the last post...just a bad download.


  • 0

#9
MattMMM

    Member, Topic Starter

CPU usage:

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    60.57    0 K    28 K    0            
procexp.exe    18.38    22.024 K    40.060 K    4872    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    9.62    455.304 K    497.896 K    1284    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Interrupts    3.68    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    2.14    27.456 K    21.344 K    2052    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    1.84    52 K    944 K    4            
taskmgr.exe    0.64    2.336 K    8.576 K    3940    Windows Task Manager    Microsoft Corporation    (Verified) Microsoft Windows
MBAMService.exe    0.64    180.080 K    206.820 K    3232    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
csrss.exe    0.46    1.528 K    3.680 K    568    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.44    1.900 K    6.856 K    632    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.33    17.176 K    26.252 K    2536    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
LWEMon.exe    0.21    3.460 K    7.636 K    3540    Logitech WingMan Event Monitor    Logitech Inc.    (Verified) Logitech
explorer.exe    0.19    42.092 K    55.332 K    2416    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    0.15    151.188 K    41.024 K    1732    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
FoxitConnectedPDFService.exe    0.15    3.972 K    10.036 K    1744    Foxit Reader ConnectedPDF Windows Service.    Foxit Software Inc.    (Verified) Foxit Software Incorporated
SearchFilterHost.exe    0.11    1.636 K    4.584 K    4624    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
aswidsagent.exe    0.07    12.936 K    21.516 K    2080    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
lsass.exe    0.06    3.592 K    8.772 K    704    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.04    1.436 K    3.080 K    712    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.04    8.508 K    8.056 K    2232    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe    0.04    2.164 K    6.452 K    3036    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    2.800 K    5.696 K    1000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.02    43.136 K    35.852 K    2676    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    11.808 K    11.300 K    1528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
PnkBstrA.exe    0.02    868 K    3.256 K    2568            (Verified) Even Balance
taskhost.exe    0.02    10.640 K    10.892 K    1696    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
mbamtray.exe    0.02    15.684 K    21.860 K    5256    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
svchost.exe    0.01    20.324 K    30.248 K    1228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    6.916 K    13.976 K    1188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnh.exe    0.01    7.392 K    752 K    2480    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    0.01    75.100 K    78.808 K    1156    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ETDCtrl.exe    0.01    3.508 K    7.784 K    1804    ETD Control Center    ELAN Microelectronics Corp.    (Verified) ELAN Microelectronics Corporation
FullEventLogView.exe    0.01    11.196 K    23.956 K    2960    FullEventLogView    NirSoft    (Verified) Nir Sofer
HControl.exe    < 0.01    6.120 K    5.996 K    2180    HControl    ASUS    (Verified) ASUSTeK Computer Inc.
nvvsvc.exe    < 0.01    3.536 K    8.060 K    1448    NVIDIA Driver Helper Service, Version 341.44    NVIDIA Corporation    (Verified) NVIDIA Corporation
conhost.exe    < 0.01    1.240 K    4.844 K    536    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe        1.188 K    3.768 K    2608    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe        1.420 K    4.760 K    3944    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
wuauclt.exe        2.264 K    6.044 K    6020    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2.172 K    5.144 K    2236    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        1.772 K    5.008 K    768    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        956 K    3.368 K    620    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
WDC.exe        1.092 K    4.128 K    2576    WDC    ASUS    (Verified) ASUSTeK Computer Inc.
taskeng.exe        1.352 K    4.748 K    2336    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        608 K    532 K    740    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        4.964 K    9.468 K    1824    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1.788 K    5.280 K    5104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        18.056 K    18.156 K    1112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2.940 K    7.060 K    880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1.112 K    4.072 K    2916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        12.028 K    12.320 K    664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1.988 K    5.500 K    1324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3.092 K    5.228 K    1556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SRWUpdate.exe        1.116 K    3.404 K    2596            (No signature was present in the subject)
spoolsv.exe        4.784 K    7.964 K    504    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        268 K    780 K    356    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4.852 K    7.044 K    672    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
RtHDVCpl.exe        7.528 K    8.888 K    3988    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
nvxdsync.exe        4.932 K    12.800 K    1440    NVIDIA User Experience Driver Component    NVIDIA Corporation    (Verified) NVIDIA Corporation
nvvsvc.exe        1.664 K    5.424 K    960    NVIDIA Driver Helper Service, Version 341.44    NVIDIA Corporation    (Verified) NVIDIA Corporation
nvtray.exe        1.928 K    6.216 K    3796    NVIDIA Settings    NVIDIA Corporation    (Verified) NVIDIA Corporation
NvNetworkService.exe        3.152 K    4.724 K    2424    NVIDIA Network Service    NVIDIA Corporation    (Verified) NVIDIA Corporation
NvBackend.exe        1.488 K    4.852 K    1076    NVIDIA Backend    NVIDIA Corporation    (Verified) NVIDIA Corporation
jusched.exe        2.080 K    4.508 K    2752    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
HControlUser.exe        760 K    2.552 K    1924    HControlUser    ASUS    (Verified) ASUSTeK Computer Inc.
GoogleCrashHandler.exe        1.064 K    532 K    3164    Google Crash Handler    Google Inc.    (Verified) Google Inc
GFNEXSrv.exe        440 K    1.624 K    1680    GFNEXSrv    ASUS    (Verified) ASUSTeK Computer Inc.
DMedia.exe        1.152 K    4.284 K    1820    ATK Media    ASUS    (Verified) ASUSTeK Computer Inc.
cmd.exe        2.092 K    3.364 K    5696    Windows Command Processor    Microsoft Corporation    (Verified) Microsoft Windows
audiodg.exe        17.308 K    15.816 K    6052    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
ATKOSD2.exe        1.048 K    532 K    2440    ATKOSD2    ASUS    (Verified) ASUSTeK Computer Inc.
ATKOSD.exe        552 K    3.092 K    2432    ATKOSD    ASUS    (Verified) ASUSTeK Computer Inc.
AsLdrSrv.exe        796 K    2.684 K    1656    ASLDR Service    ASUS    (Verified) ASUSTeK Computer Inc.

 


  • 0
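A scripted counterpart to the Verified Signer column in the listing above, added here as an example and not part of the original thread: it checks the Authenticode signature of each running process image and lists the services hosted in that process, as TASKLIST /SVC does. The output columns are chosen for this example; older Windows PowerShell versions may not check catalog signatures, so catalog-signed Windows binaries can show as NotSigned there, and any non-Valid result is a lead to follow up rather than a verdict.

```powershell
# Added example (not from the thread). Run from an elevated 64-bit Windows PowerShell prompt.

# Map PID -> hosted service names (the TASKLIST /SVC view). Needs a working WMI service.
$servicesByPid = @{}
try {
    Get-WmiObject -Class Win32_Service -ErrorAction Stop |
        Where-Object { $_.ProcessId -gt 0 } |
        ForEach-Object {
            $key = [int]$_.ProcessId
            if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
            $servicesByPid[$key] += $_.Name
        }
}
catch {
    Write-Warning "WMI query failed; the Services column will be empty: $($_.Exception.Message)"
}

# Check the signature of every process image that can be resolved to a file path.
$results = foreach ($proc in Get-Process) {
    $path = $proc.Path    # empty for System, Idle and processes that cannot be opened
    if (-not $path) { continue }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    New-Object PSObject -Property @{
        Name     = $proc.ProcessName
        Id       = $proc.Id
        Status   = $sig.Status.ToString()
        Signer   = $signer
        Services = ($servicesByPid[[int]$proc.Id] -join ', ')
        Path     = $path
    }
}
$results = @($results)

# Anything that is not 'Valid' (NotSigned, HashMismatch, NotTrusted, ...) goes on the review list.
$review = @($results | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Name)

"{0} of {1} checked process images do not have a valid signature" -f $review.Count, $results.Count
$review | Select-Object Name, Id, Status, Services, Path | Format-Table -AutoSize -Wrap
```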

#10
MattMMM

    Member, Topic Starter

junk.txt

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       356 N/A                                         
csrss.exe                      568 N/A                                         
wininit.exe                    620 N/A                                         
csrss.exe                      632 N/A                                         
services.exe                   672 N/A                                         
lsass.exe                      704 KeyIso, SamSs                               
lsm.exe                        712 N/A                                         
winlogon.exe                   768 N/A                                         
svchost.exe                    880 DcomLaunch, PlugPlay, Power                 
nvvsvc.exe                     960 nvsvc                                       
svchost.exe                   1000 RpcEptMapper, RpcSs                         
svchost.exe                   1112 Audiosrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1156 AudioEndpointBuilder, CscService,           
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc
svchost.exe                   1188 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost                         
svchost.exe                   1228 AeLookupSvc, Appinfo, AppMgmt, BITS,        
                                   Browser, EapHost, iphlpsvc, LanmanServer,   
                                   MMCSS, ProfSvc, Schedule, SENS,             
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
svchost.exe                   1324 gpsvc                                       
nvxdsync.exe                  1440 N/A                                         
nvvsvc.exe                    1448 N/A                                         
svchost.exe                   1528 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
AsLdrSrv.exe                  1656 ASLDRService                                
GFNEXSrv.exe                  1680 ATKGFNEXSrv                                 
AvastSvc.exe                  1732 avast! Antivirus                            
spoolsv.exe                    504 Spooler                                     
svchost.exe                    664 BFE, DPS, MpsSvc                            
svchost.exe                   1556 DiagTrack                                   
svchost.exe                   1824 FDResPub, SSDPSRV, upnphost                 
FoxitConnectedPDFService.     1744 FoxitReaderService                          
taskhost.exe                  1696 N/A                                         
dwm.exe                       2052 N/A                                         
HControl.exe                  2180 N/A                                         
taskeng.exe                   2336 N/A                                         
explorer.exe                  2416 N/A                                         
NvNetworkService.exe          2424 NvNetworkService                            
ATKOSD.exe                    2432 N/A                                         
ATKOSD2.exe                   2440 N/A                                         
SynTPEnh.exe                  2480 N/A                                         
PnkBstrA.exe                  2568 PnkBstrA                                    
WDC.exe                       2576 N/A                                         
SRWUpdate.exe                 2596 Simraceway Update Service                   
svchost.exe                   2916 StiSvc                                      
GoogleCrashHandler.exe        3164 N/A                                         
MBAMService.exe               3232 MBAMService                                 
nvtray.exe                    3796 N/A                                         
aswidsagent.exe               2080 aswbIDSAgent                                
WUDFHost.exe                  2608 N/A                                         
WUDFHost.exe                  3944 N/A                                         
SynTPHelper.exe                740 N/A                                         
NvBackend.exe                 1076 N/A                                         
AvastUI.exe                   2536 N/A                                         
LWEMon.exe                    3540 N/A                                         
ETDCtrl.exe                   1804 N/A                                         
SearchIndexer.exe             2676 WSearch                                     
RtHDVCpl.exe                  3988 N/A                                         
wmpnetwk.exe                  2232 WMPNetworkSvc                               
DMedia.exe                    1820 N/A                                         
HControlUser.exe              1924 N/A                                         
jusched.exe                   2752 N/A                                         
taskmgr.exe                   3940 N/A                                         
svchost.exe                   5104 p2pimsvc                                    
mbamtray.exe                  5256 N/A                                         
wuauclt.exe                   6020 N/A                                         
cmd.exe                       5696 N/A                                         
conhost.exe                    536 N/A                                         
FullEventLogView.exe          2960 N/A                                         
firefox.exe                   1284 N/A                                         
WmiPrvSE.exe                  2236 N/A                                         
SearchProtocolHost.exe        5120 N/A                                         
SearchFilterHost.exe          5700 N/A                                         
audiodg.exe                   2800 N/A                                         
cmd.exe                       3740 N/A                                         
conhost.exe                    844 N/A                                         
tasklist.exe                  3096 N/A                                         
WmiPrvSE.exe                  4424 N/A                                         
 


  • 0



#11
MattMMM

MattMMM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Attached File  MATHEW-PC.txt   386.03KB   15 downloads


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

All I see in the event logs is Information stuff, which should have been unchecked along with Verbose and Undefined. If you do that then the log file is much, much smaller and if you are really lucky there may be no events left to worry about.

 

Process Explorer is showing:

 

Interrupts    3.68    0 K    0 K    n/a    Hardware Interrupts and DPCs  

 

 

Interrupts should be under 1.4% and even though small it makes a big difference, as every interrupt requires the CPU to stop what it is doing, write the contents of its registers onto the stack, process the interrupt, then read its info back off the stack.

This is usually caused by a bad driver.

 

Let's try Latency Monitor:

Go to http://www.resplendence.com/downloads

Scroll down to System Monitoring Tools and then find LatencyMon 6.51.

Click on Download free home edition.

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).  Let it run for a bit then click on Drivers.  
File, Export View, Save it to your Desktop so you can find it easily.  The default name is drivers.txt.  
Open Drivers.txt and copy and paste the text into a Reply.


  • 0
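An added example, not part of the post above and not LatencyMon's own code: a Python parser for a drivers.txt export in the layout LatencyMon produces, ranking drivers by ISR/DPC execution time so the likely "bad driver" stands out. The sample rows and driver names are constructed, and the parser assumes columns are separated by two or more spaces and that decimals use a comma or a dot.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of a LatencyMon "Drivers" export.
# Driver names and numbers are made up; the decimal commas and the row with
# empty Description/Company/Product columns mirror what such exports contain.
SAMPLE_EXPORT = r"""
Driver file   Description                         ISR count  DPC count  Highest execution (ms)  Total execution (ms)  Image base  Image size  Company            Product                   Version                           Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
gfxdrv.sys    Example GPU Driver, Version 341.44  0          27000      0,500000                700,250000            0xD0028000  10985472    Example GPU Corp   Example GPU Driver        9.18.13.4144                      C:\Windows\system32\drivers\gfxdrv.sys
netstack.sys  Example NDIS 6.20 driver            3400       5700       0,470000                333,500000            0xBC03D000  749568      Example OS Vendor  Example Operating System  6.1.7600.16385 (rtm.090713-1255)  C:\Windows\system32\drivers\netstack.sys
gfxkrnl.sys   Example Graphics Kernel             13000      2100       0,178000                1188,750000           0xD0AA2000  753664      Example OS Vendor  Example Operating System  6.1.7601.23809 (ldr.170516-0600)  C:\Windows\system32\drivers\gfxkrnl.sys
nometa.sys                                        0          0          0                       0                     0xCEB6D000  45056                                                    6.1.7600.16385                    c:\windows\system32\drivers\nometa.sys
beeper.sys    Example BEEP Driver                 0          0          0                       0                     0xBC036000  28672       Example OS Vendor  Example Operating System  6.1.7600.16385 (rtm.090713-1255)  C:\Windows\system32\drivers\beeper.sys
"""

# The six numeric columns form a distinctive run ending in a 0x image base.
# Anchoring on that run (instead of fixed character offsets) survives rows
# that are shifted by multi-byte characters or that have empty text columns.
NUM = r"\d+(?:[.,]\d+)?"
METRICS = re.compile(
    rf"(?<=\s)(?P<isr>\d+)\s+(?P<dpc>\d+)\s+(?P<high>{NUM})\s+(?P<total>{NUM})"
    r"\s+(?P<base>0x[0-9A-Fa-f]+)\s+(?P<size>\d+)(?=\s|$)"
)


@dataclass
class DriverRow:
    name: str
    description: str
    isr_count: int
    dpc_count: int
    highest_ms: float
    total_ms: float
    company: str  # "" when the export left vendor columns empty
    path: str


def _ms(text):
    """Convert '0,506714' or '0.506714' to a float."""
    return float(text.replace(",", "."))


def parse_drivers_export(text):
    """Return one DriverRow per data line; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = METRICS.search(line)
        if not m:
            continue
        name, _, description = line[:m.start()].strip().partition(" ")
        # After the metrics come Company, Product, Version, Path.
        tail = re.split(r"\s{2,}", line[m.end():].strip())
        company = tail[0] if len(tail) == 4 else ""
        rows.append(DriverRow(
            name=name,
            description=description.strip(),
            isr_count=int(m["isr"]),
            dpc_count=int(m["dpc"]),
            highest_ms=_ms(m["high"]),
            total_ms=_ms(m["total"]),
            company=company,
            path=tail[-1],
        ))
    return rows


def rank_by_total(rows, top=5):
    """Drivers that actually ran ISRs/DPCs, busiest first."""
    active = [r for r in rows if r.isr_count or r.dpc_count]
    return sorted(active, key=lambda r: r.total_ms, reverse=True)[:top]


def worst_single_execution(rows):
    """Driver with the longest single ISR/DPC routine, or None if no rows."""
    return max(rows, key=lambda r: r.highest_ms) if rows else None


def missing_vendor(rows):
    """Names of drivers whose vendor columns were blank in the export."""
    return [r.name for r in rows if not r.company]


if __name__ == "__main__":
    parsed = parse_drivers_export(SAMPLE_EXPORT)
    for r in rank_by_total(parsed):
        print(f"{r.name:14} total={r.total_ms:10.3f} ms  "
              f"highest={r.highest_ms:.3f} ms  ISR={r.isr_count} DPC={r.dpc_count}")
    print("no vendor metadata:", missing_vendor(parsed))
```

A driver listed with no vendor metadata is not automatically hostile, but its file signature and path are worth checking before it is ruled out.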

#13
MattMMM

MattMMM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Driver file                Description                                                             ISR count  DPC count  Highest execution (ms)  Total execution (ms)  Image base  Image size  Company                                              Product                                                          Version                                                 Path                                                   
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
nvlddmkm.sys               NVIDIA Windows Kernel Mode Driver, Version 341.44                       0          27264      0,506714                772,695674            0xD0028000  10985472    NVIDIA Corporation                                   NVIDIA Windows Kernel Mode Driver, Version 341.44                9.18.13.4144                                            C:\Windows\system32\drivers\nvlddmkm.sys               
ndis.sys                   NDIS 6.20 driver                                                        3485       5721       0,470872                333,444091            0xBC03D000  749568      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\ndis.sys                   
ACPI.sys                   ACPI Driver for NT                                                      106        50         0,318776                5,206835              0xBB8BB000  294912      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\acpi.sys                   
ntkrnlpa.exe               NT Kernel & System                                                      0          40612      0,238814                162,272028            0xE320C000  4308992     Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\ntkrnlpa.exe                       
netbt.sys                  MBT Transport driver                                                    0          80         0,216101                2,097172              0xCEA7C000  208896      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23889 (win7sp1_ldr.170810-1615)                C:\Windows\system32\drivers\netbt.sys                  
tcpip.sys                  TCP/IP Driver                                                           0          1175       0,205009                23,633861             0xBC211000  1376256     Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\tcpip.sys                  
USBPORT.SYS                USB 1.1 & 2.0 Port Driver                                               15909      14078      0,201656                240,140757            0xD0B9E000  307200      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbport.sys                
dxgkrnl.sys                DirectX Graphics Kernel                                                 13453      2102       0,178042                1188,624665           0xD0AA2000  753664      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23809 (win7sp1_ldr.170516-0600)                C:\Windows\system32\drivers\dxgkrnl.sys                
NETIO.SYS                  Network I/O Subsystem                                                   0          1090       0,15650                 8,918646              0xBC0F4000  258048      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23821 (win7sp1_ldr.170529-1924)                C:\Windows\system32\drivers\netio.sys                  
iaStorA.sys                Intel Rapid Storage Technology driver - x86                             0          44217      0,061837                199,998722            0xBBA2C000  2789376     Intel Corporation                                    Intel Rapid Storage Technology driver                            11.7.4.1001                                             C:\Windows\system32\drivers\iastora.sys                
rspLLL32.sys               Resplendence Latency Monitoring and Auxiliary Kernel Library            0          58985      0,053423                103,987659            0xCE86E000  40960       Resplendence Software Projects Sp.                   LatMon                                                           6.50 built by: WinDDK                                   C:\Windows\system32\drivers\rsplll32.sys               
CLASSPNP.SYS               SCSI Class System Dll                                                   0          1769       0,047999                23,330945             0xBC011000  151552      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\classpnp.sys               
storport.sys               Microsoft Storage Port Driver                                           0          45619      0,034822                239,336986            0xBBCD5000  294912      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.18386 (win7sp1_gdr.140203-1432)                C:\Windows\system32\drivers\storport.sys               
Wdf01000.sys               Kernel Mode Driver Framework Runtime                                    13453      186        0,032586                32,392011             0xBB82C000  528384      Microsoft Corporation                                Microsoft® Windows® Operating System                             1.11.9200.16384 (win8_rtm.120725-1247)                  C:\Windows\system32\drivers\wdf01000.sys               
HDAudBus.sys               High Definition Audio Bus Driver                                        745        745        0,020890                6,460094              0xD0000000  126976      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\hdaudbus.sys               
afd.sys                    Ancillary Function Driver for WinSock                                   0          514        0,017611                2,907329              0xCEA09000  368640      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\afd.sys                    
usbccgp.sys                USB Common Class Generic Parent Driver                                  0          47         0,015113                0,234842              0xD3CD6000  94208       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbccgp.sys                
tunnel.sys                 Microsoft Tunnel Interface Driver                                       0          372        0,013650                0,864482              0xCEC7A000  135168      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\tunnel.sys                 
RTKVHDA.sys                Realtek® High Definition Audio Function Driver                        0          372        0,01320                 1,246657              0xD3A01000  2772992     Realtek Semiconductor Corp.                          Realtek® High Definition Audio Function Driver                 6.0.1.5951 built by: WinDDK                             C:\Windows\system32\drivers\rtkvhda.sys                
srvnet.sys                 Server Network driver                                                   0          10         0,010417                0,035392              0xE6ACD000  135168      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23913 (win7sp1_ldr.170907-0600)                C:\Windows\system32\drivers\srvnet.sys                 
cng.sys                    Kernel Cryptography, Next Generation                                    0          16         0,010237                0,037767              0xBBF83000  385024      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23600 (win7sp1_ldr.161119-0600)                C:\Windows\system32\drivers\cng.sys                    
Ntfs.sys                   NT File System Driver                                                   0          37         0,008722                0,054523              0xBBE15000  1245184     Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\ntfs.sys                   
srv.sys                    Server driver                                                           0          94         0,005297                0,159127              0xE6B4C000  335872      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\srv.sys                    
rdbss.sys                  Redirected Drive Buffering SubSystem Driver                             0          31         0,003871                0,065025              0xCEB18000  266240      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rdbss.sys                  
HTTP.sys                   HTTP Protocol Stack                                                     0          54         0,009348                0,118690              0xD3D63000  544768      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\http.sys                   
aswSP.sys                  Avast self protection module                                            0          3          0,003571                0,009096              0xCE8E1000  385024      AVAST Software                                       Avast Antivirus                                                  17.8.3705.249                                           C:\Windows\system32\drivers\aswsp.sys                  
rdyboost.sys               ReadyBoost Driver                                                       0          1          0,002015                0,002015              0xBC198000  184320      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\rdyboost.sys               
luafv.sys                  LUA File Virtualization Filter Driver                                   0          31         0,001861                0,032957              0xD6CF3000  110592      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\luafv.sys                  
halmacpi.dll               Hardware Abstraction Layer DLL                                          0          3          0,000555                0,001387              0xE3628000  225280      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\halmacpi.dll                       
fltmgr.sys                 Microsoft Filesystem Filter Manager                                     0          3          0,000435                0,000863              0xBBD26000  212992      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\fltmgr.sys                 
vga.sys                    VGA/Super VGA Video Driver                                              0          0          0                       0                     0xBBDDC000  49152       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\vga.sys                    
watchdog.sys               Watchdog Driver                                                         0          0          0                       0                     0xBBDE8000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\watchdog.sys               
VIDEOPRT.SYS               Video Port Driver                                                       0          0          0                       0                     0xBBA00000  135168      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\videoprt.sys               
disk.sys                   PnP Disk Driver                                                         0          0          0                       0                     0xBC000000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\disk.sys                   
aswSnx.sys                 Avast Virtualization Driver                                             0          0          0                       0                     0xCE93F000  774144      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswsnx.sys                 
aswblogx.sys               Logging Driver                                                          0          0          0                       0                     0xBBD6B000  258048      AVAST Software s.r.o.                                Avast                                                            17.8.3.16331                                            C:\Windows\system32\drivers\aswblogx.sys               
aswbidshx.sys              Application Activity Monitor Helper Driver                              0          0          0                       0                     0xBBDAA000  151552      AVAST Software s.r.o.                                Avast                                                            17.8.3.16331                                            C:\Windows\system32\drivers\aswbidshx.sys              
cdrom.sys                  SCSI CD-ROM Driver                                                      0          0          0                       0                     0xCE8C2000  126976      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\cdrom.sys                  
ks.sys                     Kernel CSA Library                                                      0          0          0                       0                     0xBB7B2000  212992      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\ks.sys                     
Beep.SYS                   BEEP Driver                                                             0          0          0                       0                     0xBC036000  28672       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\beep.sys                   
blbdrive.sys               BLB Drive Driver                                                        0          0          0                       0                     0xBB623000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\blbdrive.sys               
Null.SYS                   NULL Driver                                                             0          0          0                       0                     0xCE600000  28672       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\null.sys                   
aswbunivx.sys              Universal Driver                                                        0          0          0                       0                     0xBBE00000  45056       AVAST Software s.r.o.                                Avast                                                            17.8.3.16331                                            C:\Windows\system32\drivers\aswbunivx.sys              
RDPCDD.sys                 RDP Miniport                                                            0          0          0                       0                     0xBBFF8000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\rdpcdd.sys                 
termdd.sys                 Remote Desktop Server Driver                                            0          0          0                       0                     0xCEB07000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\termdd.sys                 
nsiproxy.sys               NSI Proxy                                                               0          0          0                       0                     0xCEB59000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23889 (win7sp1_ldr.170810-1615)                C:\Windows\system32\drivers\nsiproxy.sys               
wanarp.sys                 MS Remote Access and Routing ARP Driver                                 0          0          0                       0                     0xCEAF4000  77824       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\wanarp.sys                 
vwififlt.sys               Virtual WiFi Filter Driver                                              0          0          0                       0                     0xCEAD5000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\vwififlt.sys               
netbios.sys                NetBIOS interface driver                                                0          0          0                       0                     0xCEAE6000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\netbios.sys                
csc.sys                    Windows Client Side Caching Driver                                      0          0          0                       0                     0xCEB84000  409600      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\csc.sys                    
dfsc.sys                   DFS Namespace Client Driver                                             0          0          0                       0                     0xCEBE8000  98304       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23542 (win7sp1_ldr.160908-0600)                C:\Windows\system32\drivers\dfsc.sys                   
discache.sys               System Indexer/Cache Driver                                             0          0          0                       0                     0xCEB78000  49152       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\discache.sys               
mssmbios.sys               System Management BIOS Driver                                           0          0          0                       0                     0xCEB63000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\mssmbios.sys               
mbae.sys                                                                                           0          0          0                       0                     0xCEB6D000  45056                                                                                                                             6.1.7600.16385 (win7_rtm.090713-1255)                   c:\windows\system32\drivers\mbae.sys                   
Npfs.SYS                   NPFS Driver                                                             0          0          0                       0                     0xBB7F1000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\npfs.sys                   
tdx.sys                    TDI Translation Driver                                                  0          0          0                       0                     0xBB600000  94208       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23880 (win7sp1_ldr.170729-0600)                C:\Windows\system32\drivers\tdx.sys                    
Msfs.SYS                   Mailslot driver                                                         0          0          0                       0                     0xBB7E6000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\msfs.sys                   
rdpencdd.sys               RDP Encoder Miniport                                                    0          0          0                       0                     0xBBDF5000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rdpencdd.sys               
rdprefmp.sys               RDP Reflector Driver Miniport                                           0          0          0                       0                     0xBBA21000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rdprefmp.sys               
wfplwf.sys                 WFP NDIS 6.20 Lightweight Filter Driver                                 0          0          0                       0                     0xCEAAF000  28672       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\wfplwf.sys                 
pacer.sys                  QoS Packet Scheduler                                                    0          0          0                       0                     0xCEAB6000  126976      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\pacer.sys                  
ATMFD.DLL                  Windows NT OpenType/Type 1 Font Driver                                  0          0          0                       0                     0xD9BB0000  323584      Adobe Systems Incorporated                           Adobe Type Manager                                               5.1 Build 252                                           C:\Windows\system32\atmfd.dll                          
TDI.SYS                    TDI Wrapper                                                             0          0          0                       0                     0xBB617000  49152       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\tdi.sys                    
aswRdr2.sys                Avast WFP Redirect Driver                                               0          0          0                       0                     0xCEA63000  102400      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0 built by: WinDDK                            C:\Windows\system32\drivers\aswrdr2.sys                
partmgr.sys                Partition Management Driver                                             0          0          0                       0                     0xBB949000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\partmgr.sys                
compbatt.sys               Composite Battery Driver                                                0          0          0                       0                     0xBB95A000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\compbatt.sys               
vdrvroot.sys               Virtual Drive Root Enumerator                                           0          0          0                       0                     0xBB93E000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\vdrvroot.sys               
msisadrv.sys               ISA Driver                                                              0          0          0                       0                     0xBB90C000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\msisadrv.sys               
pci.sys                    NT Plug and Play PCI Enumerator                                         0          0          0                       0                     0xBB914000  172032      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\pci.sys                    
mountmgr.sys               Mount Point Manager                                                     0          0          0                       0                     0xBB9C8000  90112       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.18933 (win7sp1_gdr.150715-0600)                C:\Windows\system32\drivers\mountmgr.sys               
atapi.sys                  ATAPI IDE Miniport Driver                                               0          0          0                       0                     0xBB9DE000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\atapi.sys                  
volmgrx.sys                Volume Manager Extension Driver                                         0          0          0                       0                     0xBB97D000  307200      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\volmgrx.sys                
BATTC.SYS                  Battery Class Driver                                                    0          0          0                       0                     0xBB962000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\battc.sys                  
volmgr.sys                 Volume Manager Driver                                                   0          0          0                       0                     0xBB96D000  65536       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\volmgr.sys                 
PSHED.dll                  Platform Specific Hardware Error Driver                                 0          0          0                       0                     0xBB6F0000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\pshed.dll                          
BOOTVID.dll                VGA Boot Driver                                                         0          0          0                       0                     0xBB701000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\bootvid.dll                        
mcupdate_GenuineIntel.dll  Intel Microcode Update Library                                          0          0          0                       0                     0xBB63B000  741376      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.18848 (win7sp1_gdr.150509-0603)                C:\Windows\system32\mcupdate_genuineintel.dll          
apisetschema.dll           ApiSet Schema DLL                                                       0          0          0                       0                     0x77200000  327680      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\apisetschema.dll                   
kdcom.dll                  Serial Kernel Debugger                                                  0          0          0                       0                     0xE0BA6000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\kdcom.dll                          
smss.exe                   Windows Session Manager                                                 0          0          0                       0                     0x47EE0000  77824       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\smss.exe                           
WMILIB.SYS                 WMILIB WMI support library Dll                                          0          0          0                       0                     0xBB903000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\wmilib.sys                 
WDFLDR.SYS                 Kernel Mode Driver Framework Loader                                     0          0          0                       0                     0xBB8AD000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             1.11.9200.16384 (win8_rtm.120725-1247)                  C:\Windows\system32\drivers\wdfldr.sys                 
CLFS.SYS                   Common Log File System Driver                                           0          0          0                       0                     0xBB709000  270336      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\clfs.sys                           
CI.dll                     Code Integrity Module                                                   0          0          0                       0                     0xBB74B000  421888      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\ci.dll                             
ataport.SYS                ATAPI Driver Extension                                                  0          0          0                       0                     0xBB800000  143360      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\ataport.sys                
vmstorfl.sys               Virtual Storage Filter Driver                                           0          0          0                       0                     0xBC3E6000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\vmstorfl.sys               
volsnap.sys                Volume Shadow Copy Driver                                               0          0          0                       0                     0xBC159000  258048      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\volsnap.sys                
aswVmm.sys                 Avast VM Monitor                                                        0          0          0                       0                     0xBC3A1000  282624      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswvmm.sys                 
fwpkclnt.sys               FWP/IPsec Kernel-Mode API                                               0          0          0                       0                     0xBC361000  200704      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23821 (win7sp1_ldr.170529-1924)                C:\Windows\system32\drivers\fwpkclnt.sys               
aswRvrt.sys                Avast Revert                                                            0          0          0                       0                     0xBC392000  61440       AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswrvrt.sys                
hwpolicy.sys               Hardware Policy Driver                                                  0          0          0                       0                     0xBC1C5000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\hwpolicy.sys               
fvevol.sys                 BitLocker Drive Encryption Driver                                       0          0          0                       0                     0xBC1CD000  204800      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\fvevol.sys                 
iaStorF.sys                Intel Rapid Storage Technology Filter driver - x86                      0          0          0                       0                     0xBC3F7000  36864       Intel Corporation                                    Intel Rapid Storage Technology Filter driver                     11.7.4.1001                                             C:\Windows\system32\drivers\iastorf.sys                
spldr.sys                  loader for security processor                                           0          0          0                       0                     0xBC3EF000  32768       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)  C:\Windows\system32\drivers\spldr.sys                  
mup.sys                    Multiple UNC Provider Driver                                            0          0          0                       0                     0xBC200000  65536       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\mup.sys                    
fileinfo.sys               FileInfo Filter Driver                                                  0          0          0                       0                     0xBBD5A000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\fileinfo.sys               
msrpc.sys                  Kernel Remote Procedure Call Provider                                   0          0          0                       0                     0xBBF45000  176128      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\msrpc.sys                  
amdxata.sys                Storage Filter Driver                                                   0          0          0                       0                     0xBBD1D000  36864       Advanced Micro Devices                               Storage Filter Driver                                            1.1.2.5 (NT.091202-1711)                                C:\Windows\system32\drivers\amdxata.sys                
msahci.sys                 MS AHCI 1.0 Standard Driver                                             0          0          0                       0                     0xBB9E7000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\msahci.sys                 
PCIIDEX.SYS                PCI IDE Bus Driver Extension                                            0          0          0                       0                     0xBB9F1000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\pciidex.sys                
ntdll.dll                  NT Layer DLL                                                            0          0          0                       0                     0x76FA0000  1318912     Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\ntdll.dll                          
ksecpkg.sys                Kernel Security Support Provider Interface Packages                     0          0          0                       0                     0xBC133000  155648      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\drivers\ksecpkg.sys                
Fs_Rec.sys                 File System Recognizer Driver                                           0          0          0                       0                     0xBBFEF000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17787 (win7sp1_gdr.120229-1502)                C:\Windows\system32\drivers\fs_rec.sys                 
ksecdd.sys                 Kernel Security Support Provider Interface                              0          0          0                       0                     0xBBF70000  77824       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\drivers\ksecdd.sys                 
pcw.sys                    Performance Counters for Windows Driver                                 0          0          0                       0                     0xBBFE1000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\pcw.sys                    
aswbidsdriverx.sys         IDS Application Activity Monitor Driver.                                0          0          0                       0                     0xCEC02000  258048      AVAST Software s.r.o.                                Avast                                                            17.8.3.16331                                            C:\Windows\system32\drivers\aswbidsdriverx.sys         
cdd.dll                    Canonical Display Driver                                                0          0          0                       0                     0xD9B90000  122880      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23809 (win7sp1_ldr.170516-0600)                C:\Windows\system32\cdd.dll                            
aswMonFlt.sys              Avast File System Minifilter for Windows 2003/Vista                     0          0          0                       0                     0xD6D0E000  143360      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswmonflt.sys              
TSDDD.dll                  Framebuffer Display Driver                                              0          0          0                       0                     0xD9B60000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\tsddd.dll                          
Dxapi.sys                  DirectX API Driver                                                      0          0          0                       0                     0xD6CDE000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\dxapi.sys                  
monitor.sys                Monitor Driver                                                          0          0          0                       0                     0xD6CE8000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\monitor.sys                
MbamChameleon.sys          Malwarebytes Chameleon                                                  0          0          0                       0                     0xD6D31000  167936      Malwarebytes                                         Malwarebytes Chameleon                                           3.0.0.191                                               C:\Windows\system32\drivers\mbamchameleon.sys          
ndisuio.sys                NDIS User mode I/O driver                                               0          0          0                       0                     0xD6DD4000  65536       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\ndisuio.sys                
rspndr.sys                 Link-Layer Topology Responder Driver for NDIS 6                         0          0          0                       0                     0xD6DE4000  77824       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rspndr.sys                 
nwifi.sys                  NativeWiFi Miniport Driver                                              0          0          0                       0                     0xD6D8D000  290816      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\nwifi.sys                  
aswStm.sys                 Stream Filter                                                           0          0          0                       0                     0xD6D5A000  143360      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswstm.sys                 
lltdio.sys                 Link-Layer Topology Mapper I/O Driver                                   0          0          0                       0                     0xD6D7D000  65536       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\lltdio.sys                 
snp2uvc.sys                UVC Camera Streaming Driver                                             0          0          0                       0                     0xCE607000  1761280     Sonix Technology Co., Ltd.                           UVC Camera Streaming Driver                                      2, 3, 2, 1                                              C:\Windows\system32\drivers\snp2uvc.sys                
STREAM.SYS                 WDM CODEC Class Device Driver 2.0                                       0          0          0                       0                     0xD3D03000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\stream.sys                 
cdfs.sys                   CD-ROM File System Driver                                               0          0          0                       0                     0xD3CED000  90112       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\cdfs.sys                   
HIDPARSE.SYS               Hid Parsing Library                                                     0          0          0                       0                     0xD3CC4000  28672       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.18199 (win7sp1_gdr.130702-1534)                C:\Windows\system32\drivers\hidparse.sys               
mouhid.sys                 HID Mouse Filter Driver                                                 0          0          0                       0                     0xD3CCB000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\mouhid.sys                 
sncduvc.SYS                USBCAMD for Sonix UVC                                                   0          0          0                       0                     0xD3D11000  28672       Sonix Technology Co., Ltd.                           USBCAMD for Sonix UVC                                            1.2.6.0                                                 C:\Windows\system32\drivers\sncduvc.sys                
dump_dumpfve.sys                                                                                   0          0          0                       0                     0xD6CCD000  69632                                                                                                                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\dump_dumpfve.sys           
win32k.sys                 Multi-User Win32 Driver                                                 0          0          0                       0                     0xD98F0000  2482176     Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\win32k.sys                         
dump_iaStorA.sys                                                                                   0          0          0                       0                     0xD6A24000  2789376                                                                                                                           6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\dump_iastora.sys           
crashdmp.sys               Crash Dump Driver                                                       0          0          0                       0                     0xD3D4C000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\crashdmp.sys               
dump_diskdump.sys                                                                                  0          0          0                       0                     0xD3D59000  40960                                                                                                                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\dump_diskdump.sys          
WudfPf.sys                 Windows Driver Foundation - User-mode Driver Framework Platform Driver  0          0          0                       0                     0xE6BC8000  81920       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.2.9200.16384 (win8_rtm.120725-1247)                   C:\Windows\system32\drivers\wudfpf.sys                 
WinUsb.sys                 Windows USB Class Driver BETA                                           0          0          0                       0                     0xE6BDC000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\winusb.sys                 
fastfat.SYS                Fast FAT File System Driver                                             0          0          0                       0                     0xE6B9E000  172032      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23717 (win7sp1_ldr.170310-0600)                C:\Windows\system32\drivers\fastfat.sys                
tcpipreg.sys               TCP/IP Registry Compatibility Driver                                    0          0          0                       0                     0xE6AEE000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17964 (win7sp1_gdr.121003-0333)                C:\Windows\system32\drivers\tcpipreg.sys               
srv2.sys                   Smb 2.0 Server driver                                                   0          0          0                       0                     0xE6AFB000  331776      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23913 (win7sp1_ldr.170907-0600)                C:\Windows\system32\drivers\srv2.sys                   
WUDFRd.sys                 Windows Driver Foundation - User-mode Driver Framework Reflector        0          0          0                       0                     0xE6A00000  176128      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.2.9200.16384 (win8_rtm.120725-1247)                   C:\Windows\system32\drivers\wudfrd.sys                 
farflt.sys                 Malwarebytes Anti-Ransomware Protection                                 0          0          0                       0                     0xD0E00000  94208       Malwarebytes                                         Malwarebytes Anti-Ransomware Protection                          3.0.0.289                                               C:\Windows\system32\drivers\farflt.sys                 
mbam.sys                   Malwarebytes Real-Time Protection                                       0          0          0                       0                     0xE6BF1000  45056       Malwarebytes                                         Malwarebytes Real-Time Protection                                3.0.0.116                                               C:\Windows\system32\drivers\mbam.sys                   
mbamswissarmy.sys          Malwarebytes SwissArmy                                                  0          0          0                       0                     0xCE835000  233472      Malwarebytes                                         Malwarebytes SwissArmy                                           4.2.0.140                                               C:\Windows\system32\drivers\mbamswissarmy.sys          
WmVirHid.sys               Logitech WingMan Virtual Hid Device Driver                              0          0          0                       0                     0xE6A2B000  12288       Logitech Inc.                                        Logitech Gaming Software                                         5.09.129                                                C:\Windows\system32\drivers\wmvirhid.sys               
kbdhid.sys                 HID Keyboard Filter Driver                                              0          0          0                       0                     0xE6BE5000  49152       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\kbdhid.sys                 
mpsdrv.sys                 Microsoft Protection Service Driver                                     0          0          0                       0                     0xD3DE8000  73728       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\mpsdrv.sys                 
mrxsmb.sys                 Windows NT SMB Minirdr                                                  0          0          0                       0                     0xD3D18000  143360      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\drivers\mrxsmb.sys                 
bowser.sys                 NT Lan Manager Datagram Receiver Driver                                 0          0          0                       0                     0xD6A09000  98304       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23567 (win7sp1_ldr.161005-0600)                C:\Windows\system32\drivers\bowser.sys                 
ASMMAP.sys                 Memory mapping Driver                                                   0          0          0                       0                     0xD6DF7000  8192        ASUS                                                 ATK Generic Function Service                                     1, 0, 9, 1                                              c:\program files\asus\atk package\atkgfnex\asmmap.sys  
vwifimp.sys                Virtual WiFi Miniport Driver                                            0          0          0                       0                     0xD6A00000  36864       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\vwifimp.sys                
mrxsmb10.sys               Longhorn SMB Downlevel SubRdr                                           0          0          0                       0                     0xCE7B5000  245760      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\drivers\mrxsmb10.sys               
peauth.sys                 Protected Environment Authentication and Authorization Export Driver    0          0          0                       0                     0xE6A30000  622592      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23471 (win7sp1_ldr.160614-0600)                C:\Windows\system32\drivers\peauth.sys                 
speedfan.sys               SpeedFan x32 Driver                                                     0          0          0                       0                     0xE6AC8000  20480       Almico Software                                      SpeedFan                                                         X2.03.11                                                c:\windows\system32\speedfan.sys                       
giveio.sys                                                                                         0          0          0                       0                     0xD6A21000  4096                                                                                                                              11.0.0.14 built by: WinDDK                              c:\windows\system32\giveio.sys                         
mrxsmb20.sys               Longhorn SMB 2.0 Redirector                                             0          0          0                       0                     0xC5600000  114688      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23915 (win7sp1_ldr.170913-0600)                C:\Windows\system32\drivers\mrxsmb20.sys               
acedrv11.sys               ProtectDisc x64/x86 Hybrid Driver                                       0          0          0                       0                     0xCE809000  180224      Protect Software GmbH                                ProtectDisc x64/x86 Hybrid Driver                                11.0.0.14 built by: WinDDK                              c:\windows\system32\drivers\acedrv11.sys               
HIDCLASS.SYS               Hid Class Library                                                       0          0          0                       0                     0xD3CB1000  77824       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.18199 (win7sp1_gdr.130702-1534)                C:\Windows\system32\drivers\hidclass.sys               
rixdptsk.sys               RICOH XD SM Driver                                                      0          0          0                       0                     0xCED5F000  335872      REDC                                                 R5C852 Ricoh xD Controller                                       6.10.01.05                                              C:\Windows\system32\drivers\rixdptsk.sys               
i8042prt.sys               i8042 Port Driver                                                       0          0          0                       0                     0xD11B2000  98304       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\i8042prt.sys               
rimsptsk.sys               RICOH MS Driver                                                         0          0          0                       0                     0xD119E000  81920       REDC                                                 Ricoh Memorystick Controller                                     6.10.01.05                                              C:\Windows\system32\drivers\rimsptsk.sys               
risdptsk.sys               RICOH SD/MMC Driver                                                     0          0          0                       0                     0xD117C000  69632       REDC                                                 RICOH SD/MMC Driver                                              6.03.02.28                                              C:\Windows\system32\drivers\risdptsk.sys               
rimmptsk.sys               RICOH SD/MMC Driver                                                     0          0          0                       0                     0xD118D000  69632       REDC                                                 RICOH SD/MMC Driver                                              6.10.01.05                                              C:\Windows\system32\drivers\rimmptsk.sys               
SynTP.sys                  Synaptics Touchpad Driver                                               0          0          0                       0                     0xC5624000  335872      Synaptics Incorporated                               Synaptics Pointing Device Driver                                 16.2.11.7 17Sep12                                       C:\Windows\system32\drivers\syntp.sys                  
tpm.sys                    TPM Device Driver                                                       0          0          0                       0                     0xC5692000  49152       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\tpm.sys                    
CmBatt.sys                 Control Method Battery Driver                                           0          0          0                       0                     0xC569E000  16384       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\cmbatt.sys                 
mouclass.sys               Mouse Class Driver                                                      0          0          0                       0                     0xC5685000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\mouclass.sys               
USBD.SYS                   Universal Serial Bus Driver                                             0          0          0                       0                     0xC5676000  8192        Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbd.sys                   
kbdclass.sys               Keyboard Class Driver                                                   0          0          0                       0                     0xC5678000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\kbdclass.sys               
dxgmms1.sys                DirectX Graphics MMS                                                    0          0          0                       0                     0xD0B5A000  233472      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23809 (win7sp1_ldr.170516-0600)                C:\Windows\system32\drivers\dxgmms1.sys                
usbuhci.sys                UHCI USB Miniport Driver                                                0          0          0                       0                     0xD0B93000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbuhci.sys                
PROCEXP152.SYS                                                                                     0          0          0                       0                     0xCEDF5000  40960                                                                                                                             3.0.0.159                                               c:\windows\system32\drivers\procexp152.sys             
aswArPot.sys               Avast anti rootkit                                                      0          0          0                       0                     0xCEC41000  233472      AVAST Software                                       Avast Antivirus                                                  17.8.3698.0                                             C:\Windows\system32\drivers\aswarpot.sys               
intelppm.sys               Processor Device Driver                                                 0          0          0                       0                     0xCEC9B000  73728       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\intelppm.sys               
mwac.sys                   Malwarebytes Web Protection                                             0          0          0                       0                     0xD3D3B000  69632       Malwarebytes                                         Malwarebytes Web Protection                                      3.0.0.159                                               C:\Windows\system32\drivers\mwac.sys                   
Rt86win7.sys               Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver                         0          0          0                       0                     0xCECAD000  729088      Realtek                                              Realtek 8136/8168/8169 PCI/PCIe Adapters                         7.092.0115.2015 built by: WinDDK                        C:\Windows\system32\drivers\rt86win7.sys               
1394ohci.sys               1394 OpenHCI Port Driver                                                0          0          0                       0                     0xD114F000  184320      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\1394ohci.sys               
vwifibus.sys               Virtual WiFi Bus Driver                                                 0          0          0                       0                     0xD1145000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\vwifibus.sys               
usbehci.sys                EHCI eUSB Miniport Driver                                               0          0          0                       0                     0xD0BE9000  65536       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbehci.sys                
athr.sys                   Qualcomm Atheros Extensible Wireless LAN device driver                  0          0          0                       0                     0xD0E17000  3334144     Qualcomm Atheros Communications, Inc.                Driver for Qualcomm Atheros CB42/CB43/MB42/MB43 Network Adapter  10.0.0.270 built by: WinDDK                             C:\Windows\system32\drivers\athr.sys                   
WmXlCore.sys               Logitech WingMan Translation Driver                                     0          0          0                       0                     0xC57AB000  61440       Logitech Inc.                                        Logitech Gaming Software                                         5.09.129                                                C:\Windows\system32\drivers\wmxlcore.sys               
umbus.sys                  User-Mode Bus Enumerator                                                0          0          0                       0                     0xC57BA000  57344       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\umbus.sys                  
WmBEnum.sys                Logitech WingMan Virtual Bus Enumerator Driver                          0          0          0                       0                     0xC57A7000  16384       Logitech Inc.                                        Logitech Gaming Software                                         5.09.129                                                C:\Windows\system32\drivers\wmbenum.sys                
swenum.sys                 Plug and Play Software Device Enumerator                                0          0          0                       0                     0xC5765000  8192        Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\swenum.sys                 
dtsoftbus01.sys            DAEMON Tools Virtual Bus Driver                                         0          0          0                       0                     0xC5767000  262144      Disc Soft Ltd                                        DAEMON Tools                                                     4.49.0001.0352                                          C:\Windows\system32\drivers\dtsoftbus01.sys            
nvvad32v.sys               NVIDIA Virtual Audio Driver                                             0          0          0                       0                     0xC57C8000  49152       NVIDIA Corporation                                   NVIDIA Virtual Audio Driver                                      1.2.40 built by: WinDDK                                 C:\Windows\system32\drivers\nvvad32v.sys               
NDProxy.SYS                NDIS Proxy                                                              0          0          0                       0                     0xC57ED000  69632       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\ndproxy.sys                
hidusb.sys                 USB Miniport Driver for Input Devices                                   0          0          0                       0                     0xD3CA6000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\hidusb.sys                 
usbhub.sys                 Default Hub Driver for USB                                              0          0          0                       0                     0xCEDB1000  278528      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.23933 (win7sp1_ldr.171017-1700)                C:\Windows\system32\drivers\usbhub.sys                 
portcls.sys                Port Class (Class Driver for Port/Miniport Devices)                     0          0          0                       0                     0xD11CA000  192512      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\portcls.sys                
drmk.sys                   Microsoft Trusted Audio Drivers                                         0          0          0                       0                     0xC57D4000  102400      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.19091 (win7sp1_gdr.151208-0600)                C:\Windows\system32\drivers\drmk.sys                   
rasl2tp.sys                RAS L2TP mini-port/call-manager driver                                  0          0          0                       0                     0xC56C9000  98304       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rasl2tp.sys                
ndistapi.sys               NDIS 3.0 connection wrapper driver                                      0          0          0                       0                     0xC56E1000  45056       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\ndistapi.sys               
AgileVpn.sys               RAS Agile Vpn Miniport Call Manager                                     0          0          0                       0                     0xC56B7000  73728       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\agilevpn.sys               
ATKACPI.sys                ATK0100 ACPI Utility                                                    0          0          0                       0                     0xC56A2000  32768       ASUS                                                 ATK0100 ACPI Utility                                             1043, 2, 31, 105                                        C:\Windows\system32\drivers\atkacpi.sys                
CompositeBus.sys           Multi-Transport Composite Bus Enumerator                                0          0          0                       0                     0xC56AA000  53248       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\compositebus.sys           
ndiswan.sys                MS PPP Framing Driver (Strong Encryption)                               0          0          0                       0                     0xC56EC000  139264      Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7601.17514 (win7sp1_rtm.101119-1850)                C:\Windows\system32\drivers\ndiswan.sys                
tap0901.sys                TAP-Windows Virtual Network Driver                                      0          0          0                       0                     0xC5754000  28672       The OpenVPN Project                                  TAP-Windows Virtual Network Driver                               9.9.2 9/9 built by: WinDDK                              C:\Windows\system32\drivers\tap0901.sys                
rdpbus.sys                 Microsoft RDP Bus Device driver                                         0          0          0                       0                     0xC575B000  40960       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rdpbus.sys                 
rassstp.sys                RAS SSTP Miniport Call Manager                                          0          0          0                       0                     0xC573D000  94208       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\rassstp.sys                
raspppoe.sys               RAS PPPoE mini-port/call-manager driver                                 0          0          0                       0                     0xC570E000  98304       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\raspppoe.sys               
raspptp.sys                Peer-to-Peer Tunneling Protocol                                         0          0          0                       0                     0xC5726000  94208       Microsoft Corporation                                Microsoft® Windows® Operating System                             6.1.7600.16385 (win7_rtm.090713-1255)                   C:\Windows\system32\drivers\raspptp.sys                
 



#14
MattMMM

    Member

  • Topic Starter
  • Member
  • 33 posts

The text alignment got all weird. If this helps https://www.mediafir...9bh/Drivers.txt



#15
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

My bet would be the network driver.  Looking at your Speccy I see:

 

Wi-Fi (sailor2)
                    SSID    sailor2
                    Frequency    2412000 kHz
                    Channel Number    1
                    Name    sailor2
                    Signal Strength/Quality    40
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    Currently Connected to this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i RSNA algorithm that uses PSK

 

40 is pretty weak.  Can you move closer to the router?

 

Also see if you can find an update for your Qualcomm Atheros AR928X Wireless Network Adapter. There was a recent Windows Update that passed out a bad driver, so you may need to revert back to the older driver or get one from your PC maker's support site.

