Help Malware Removal. Need fixlist.txt for FRST.

H

HelloINeedHelp

New Member
Thread author
Verified
Mar 9, 2017
17
I have used Farbar FRST to investigate and log my pc. Any help would be greatly appreciated. :)

Here is my FRST.txt file:
Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Tyler (administrator) on ISO-DIDACT (10-03-2017 15:04:44)
Running from C:\Users\Tyler\Downloads
Loaded Profiles: UpdatusUser & Tyler (Available Profiles: UpdatusUser & Tyler)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\WINDOWS\SysWOW64\irstrtsv.exe
(MakerBot) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-30] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-09-11] (NVIDIA Corporation)
HKLM-x32\...\Run: [Alienware Survey] => c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-24] (Alienware, Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-08-21] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-662298655-4248247804-1699957461-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1208712 2014-05-14] (Autodesk, Inc.)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [BitTorrent Sync] => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe"  /MINIMIZED
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [BingSvc] => C:\Users\Tyler\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Discord] => C:\Users\Tyler\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\Run: [Chromium] => c:\users\tyler\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\...\MountPoints2: {79dc90a0-b4e4-11e4-be99-ecf4bb047ebe} - "F:\Autorun.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1208712 2014-05-14] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileSyncShell64.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\SYSTEM32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\SYSTEM32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\SYSTEM32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tyler\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncShell.dll [2017-02-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1   mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 61.9.226.33 61.9.226.1
Tcpip\..\Interfaces\{DEFBF560-583D-4A25-AF81-25F29CE23664}: [DhcpNameServer] 61.9.226.33 61.9.226.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906[/URL]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906[/URL]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://www.google.com"]www.google.com[/URL]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [URL="http://www.google.com"]www.google.com[/URL]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://www.google.com"]www.google.com[/URL]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://www.google.com"]www.google.com[/URL]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://www.google.com"]www.google.com[/URL]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://www.google.com"]www.google.com[/URL]
HKU\S-1-5-21-662298655-4248247804-1699957461-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-14fc0906[/URL]
URLSearchHook: [S-1-5-21-662298655-4248247804-1699957461-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q=[/URL]{searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q=[/URL]{searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-14fc0906&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-14fc0906&q=[/URL]{searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q=[/URL]{searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q=[/URL]{searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-14fc0906&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-14fc0906&q=[/URL]{searchTerms}
SearchScopes: HKU\S-1-5-21-662298655-4248247804-1699957461-1002 -> DefaultScope {D25E2080-48AF-484C-9E63-35A40B44726E} URL =
SearchScopes: HKU\S-1-5-21-662298655-4248247804-1699957461-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://[URL="http://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q="]www.bing.com/search?FORM=SL5MDF&PC=SL5M&q=[/URL]{searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-662298655-4248247804-1699957461-1002 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ea80aef1&q=[/URL]{searchTerms}
SearchScopes: HKU\S-1-5-21-662298655-4248247804-1699957461-1002 -> {D25E2080-48AF-484C-9E63-35A40B44726E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-02-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-02-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-11] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-02-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 [2017-03-10]
FF NewTab: Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 -> Bing Search Engine
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 -> Bing Search Engine
FF Homepage: Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 -> google.com.au/
FF Keyword.URL: Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090 -> user_pref("keyword.URL", true);
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-03]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-16]
FF Extension: (Adblock Plus) - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\features\{8d5e3f3f-64c6-4fd2-bc93-aedaa7e99a77}\disableSHA1rollout@mozilla.org.xpi [2017-03-04]
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\searchplugins\bing search engine.xml [2016-12-14]
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\6gr4dqr7.default-1468830596090\searchplugins\search provided by bing.xml [2016-11-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (Google Slides) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Sheets) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23]
CHR Extension: (Halo Waypoint Tools) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnmllpebfhkkpihacgmnpkjflmdajpn [2016-05-20]
CHR Extension: (Skype) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2023-12-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1933000 2016-02-16] (AVerMedia TECHNOLOGIES, Inc.)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-24] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-24] (Dell Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-02-16] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-02] (iolo technologies, LLC)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-02-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-19] (Intel Corporation)
R2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [85504 2015-03-05] (MakerBot) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-12] (Autodesk, Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-05] (Overwolf LTD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294104 2015-04-10] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVer330USB; C:\WINDOWS\system32\DRIVERS\AVer330USB.sys [1551616 2015-04-09] (AVerMedia TECHNOLOGIES, Inc.)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2015-05-23] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-11] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-11] ()
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2017-03-10] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-12-13] (Intel Corporation)
R3 Ke2200; C:\WINDOWS\system32\DRIVERS\e22w8x64.sys [174448 2012-12-04] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-19] (Intel Corporation)
S3 NdisImPlatformMp; C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2003-09-03] () [File not signed]
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [91360 2013-04-12] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 xb1usb; C:\WINDOWS\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\WINDOWS\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\WINDOWS\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0
C:\WINDOWS\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\WINDOWS\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\WINDOWS\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\WINDOWS\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\WINDOWS\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\WINDOWS\system32\drivers\afd.sys A460C3AF3755A2A79A3C8EFE72E147B5
C:\WINDOWS\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\WINDOWS\System32\DRIVERS\ahcache.sys FE14D249D39368CA62D8DA6BC94AC694
C:\WINDOWS\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\WINDOWS\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\WINDOWS\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\WINDOWS\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\WINDOWS\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\WINDOWS\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E
C:\WINDOWS\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\WINDOWS\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\WINDOWS\system32\DRIVERS\AVer330USB.sys 305DC276BE16EB32FEDAC8D94ACA3160
C:\WINDOWS\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\WINDOWS\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\WINDOWS\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768
C:\WINDOWS\system32\drivers\bcbtums.sys 70433F7A216BD0B5EC7DA1202EE53E65
C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys 9A4EF701A4FC835F7DDD8956D930010F
C:\WINDOWS\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\WINDOWS\System32\DRIVERS\bowser.sys 4938A9236300A356F97E378491EE4844
C:\WINDOWS\system32\drivers\BthA2DP.sys F4CB6F457D019857C8DB6F04CA2957F5
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\WINDOWS\System32\drivers\BthEnum.sys 12418846B057E4F92FC621F5C6CF737D
C:\WINDOWS\system32\DRIVERS\BthHfAud.sys 7A2E3CB427309F56C2571F0610B7ADA8
C:\WINDOWS\System32\drivers\bthhfenum.sys 272A62B660A48AEF366F8A1836CED19F
C:\WINDOWS\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys D30C67473A2E229662D21F27EAA9AAA5
C:\WINDOWS\System32\drivers\bthmodem.sys EF4B9E7C9AD88C00C18A12B0D22D1894
C:\WINDOWS\System32\drivers\bthpan.sys FEA8FC81431AD93F44D5FBFBBF096AA7
C:\WINDOWS\System32\Drivers\BTHport.sys B810B2B39CCA90DC6BF42AF1658AE0D1
C:\WINDOWS\System32\Drivers\BTHUSB.sys 52A1B7ECAB4C9EF70FD41241691E09D3
C:\WINDOWS\system32\DRIVERS\btwampfl.sys 20C8EB70C0B179DF06A01CA503F4A824
C:\WINDOWS\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\WINDOWS\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\WINDOWS\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\WINDOWS\System32\drivers\CLFS.sys 9DA497AEAF35AA7BF7710132FC2A9906
C:\WINDOWS\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\WINDOWS\System32\Drivers\cng.sys EFC79D3224D19FD926FFEA0A24729FEF
C:\WINDOWS\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\WINDOWS\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\WINDOWS\System32\drivers\dam.sys 389C998C64319CD97625B0550E52ECFA
C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys B56714DED87E29377F1EE930691DADA2
C:\WINDOWS\system32\drivers\DellProf.sys DC3BD578642252FD9569B9CD75CEF81E
C:\WINDOWS\System32\drivers\DellRbtn.sys DC253191A553DACA7684CFB5B03A4268
C:\WINDOWS\System32\Drivers\dfsc.sys FBFF94FC1FE0699A6BC5ACE270AB9EA1
C:\WINDOWS\System32\drivers\disk.sys 8B1E62881D5AC68E673CD94B136B34AC
C:\WINDOWS\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\WINDOWS\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94
C:\WINDOWS\System32\drivers\dxgkrnl.sys F74B839FA0F4E6060CA1DA6B8DA17941
C:\WINDOWS\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\WINDOWS\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\WINDOWS\System32\drivers\EMSC.SYS 391FA1C8854E9539E0180D889020D2DA
C:\Windows\SysWOW64\drivers\EMSC.SYS BBC4712BE49A2EFE0EB5109E4089C4CE
C:\WINDOWS\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\WINDOWS\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\WINDOWS\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\WINDOWS\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\WINDOWS\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\WINDOWS\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A
C:\WINDOWS\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\WINDOWS\System32\DRIVERS\fvevol.sys D4AB6EE3D715BC44C00277FD934FAACF
C:\WINDOWS\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\WINDOWS\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\WINDOWS\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\WINDOWS\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\WINDOWS\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\WINDOWS\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\WINDOWS\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\WINDOWS\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA
C:\WINDOWS\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\WINDOWS\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\WINDOWS\System32\drivers\hidusb.sys 49676FEC898AB2A11B157F848269A56E
C:\WINDOWS\system32\drivers\hitmanpro37.sys 258DE302160DEEAFAB4453BB292CCF8F
C:\WINDOWS\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\WINDOWS\System32\drivers\HTTP.sys 76A6FDA32A21515B67633497D8FDB1E4
C:\WINDOWS\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\WINDOWS\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\WINDOWS\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\WINDOWS\System32\drivers\iaStorA.sys 118CBC8D092787B604115F5267F77AE8
C:\WINDOWS\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\WINDOWS\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\WINDOWS\system32\drivers\RTKVHD64.sys 734E92848983F17822B4F71C5F912C6C
C:\WINDOWS\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\WINDOWS\System32\drivers\intelpep.sys 7AA01AB1C110916825E6E1389F1B9AF2
C:\WINDOWS\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\WINDOWS\System32\drivers\IPMIDrv.sys C800DCD904016B2BF6AB541083770A3A
C:\WINDOWS\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\WINDOWS\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\WINDOWS\System32\drivers\irstrtdv.sys 4D9B9A794F22415B8C3E0CCFBE61BC7A
C:\WINDOWS\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\WINDOWS\System32\drivers\msiscsi.sys AD3C1F4BD9167420F04052FDA197CF29
C:\WINDOWS\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE
C:\WINDOWS\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72
C:\WINDOWS\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\WINDOWS\system32\DRIVERS\e22w8x64.sys 9169C8B55EA5060CAA6668780D2C9DE7
C:\WINDOWS\System32\Drivers\ksecdd.sys 304DA394D958BC3B62AF6DF514005B01
C:\WINDOWS\System32\Drivers\ksecpkg.sys 3D4AE520CD6F6FFE549DD195C1F515BE
C:\WINDOWS\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\WINDOWS\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\WINDOWS\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\WINDOWS\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\WINDOWS\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\WINDOWS\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\WINDOWS\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\WINDOWS\system32\drivers\mbam.sys A8D28D5B3E2A528D1EF0E338E44F2820
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 8F22037D3F5A6BB676525D825A1388B9
C:\WINDOWS\system32\drivers\mwac.sys 85CFE7AB85B43B6B7AC7961AA3983A9F
C:\WINDOWS\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\WINDOWS\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys E0EF6C1399A9B1AAA0B28590411BED04
C:\WINDOWS\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\WINDOWS\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\WINDOWS\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930
C:\WINDOWS\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA
C:\WINDOWS\System32\drivers\mountmgr.sys 24DABC0A77FAFDC0E379AB3B30F61BB6
C:\WINDOWS\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC
C:\WINDOWS\system32\drivers\mrxdav.sys 3F818C1518DA702C8F10259095C9BDE0
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys C3B0566DE49265AE98405825938C20A1
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 15D7AF1A26CCEBA32DF21A8E2098F463
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 0790EEB1EC199F8BE8259E47B373ED23
C:\WINDOWS\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\WINDOWS\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\WINDOWS\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\WINDOWS\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\WINDOWS\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\WINDOWS\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\WINDOWS\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113
C:\WINDOWS\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\WINDOWS\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\WINDOWS\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\WINDOWS\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\WINDOWS\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\WINDOWS\System32\Drivers\mup.sys 438EA7A2D8D4F9B8AFB64748ACA70BA8
C:\WINDOWS\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\WINDOWS\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27
C:\WINDOWS\System32\drivers\ndis.sys 97DC5967F65503213FD1F1B3E4A6F983
C:\WINDOWS\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664
C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\WINDOWS\system32\DRIVERS\ndistapi.sys DC1D9F692C2AD84C214584C28501C1F7
C:\WINDOWS\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\WINDOWS\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\WINDOWS\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\Windows\System32\Drivers\NDProxy.sys B8F36CBC72FC5C8B8A30AD850165EA8E
C:\WINDOWS\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B
C:\WINDOWS\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A
C:\WINDOWS\System32\DRIVERS\netbt.sys 9DC17B7D9D84C37C102D379FCC7D4942
C:\WINDOWS\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\WINDOWS\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\WINDOWS\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 9980B262DBE439AE6BDC91AA985F19EE
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\WINDOWS\system32\drivers\nvhda64v.sys CC9B3C3B1561914A60A95A2586C54001
C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys 6FF1F83FE08AABAF0EF451A406EA1F38
C:\WINDOWS\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\WINDOWS\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\WINDOWS\system32\DRIVERS\nvstusb.sys B308BBAA043907FBC92D78A3050D275A
C:\WINDOWS\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\WINDOWS\System32\drivers\parport.sys 57DCE4FB0467986AE78E1C6FC5240D32
C:\WINDOWS\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\WINDOWS\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\WINDOWS\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\WINDOWS\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\WINDOWS\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\WINDOWS\System32\drivers\pdc.sys ED54A75050211DC77F9B98C41E026858
C:\WINDOWS\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\WINDOWS\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\WINDOWS\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\WINDOWS\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\WINDOWS\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\WINDOWS\system32\DRIVERS\rassstp.sys 41F631007A158FEBB67F0E2AD1601BBA
C:\WINDOWS\System32\DRIVERS\rdbss.sys D67ED4AB59D1EF66B05AD1A81AC28B26
C:\WINDOWS\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\WINDOWS\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\WINDOWS\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 2D39BCFA4DD1081B8F282B623456B858
C:\WINDOWS\System32\drivers\rfcomm.sys DC66AE45816614D2999DCD3834DCCC4E
C:\WINDOWS\system32\DRIVERS\RtsPStor.sys 57D7B7CB015A7BE60C05A13F1B9C6AD0
C:\WINDOWS\System32\DRIVERS\rspLLL64.sys 742186A23B9B3E7F90FAA4595291ED0C
C:\WINDOWS\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\WINDOWS\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\WINDOWS\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\WINDOWS\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1
C:\WINDOWS\System32\drivers\sdbus.sys C54B6B2170BF628FD42F799A66956D75
C:\WINDOWS\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\WINDOWS\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\WINDOWS\System32\drivers\serenum.sys 1F0135949A6AD6025F363F80FE268251
C:\WINDOWS\System32\drivers\serial.sys 81633C87B42B63BA484A6177179AC750
C:\WINDOWS\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1
C:\WINDOWS\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\WINDOWS\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\WINDOWS\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 5476D773EE180AEB9CADA786EA131777
C:\WINDOWS\System32\drivers\spaceport.sys 546B88E6906EE9813EFE314DC95E3488
C:\WINDOWS\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\WINDOWS\System32\DRIVERS\srv.sys 36B082C7A764A34FB1DC72D975870B61
C:\WINDOWS\System32\DRIVERS\srv2.sys F5849909D4B29B4E3D4445F943E5C7E3
C:\WINDOWS\System32\DRIVERS\srvnet.sys FABC49666708EA562549E78E6FBF3191
C:\WINDOWS\System32\DRIVERS\stdcfltn.sys F03B03AA7A18DEB0538D242F1DA01481
C:\WINDOWS\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\WINDOWS\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\WINDOWS\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\WINDOWS\System32\drivers\stornvme.sys 0EDD1F4D470C775740625B06A60C9DD5
C:\WINDOWS\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\WINDOWS\system32\DRIVERS\ST_Accel.sys 21E86F8775A724218CCAF9009106375E
C:\WINDOWS\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\WINDOWS\system32\DRIVERS\SynTP.sys 75B2DF282F2D40C7DC721EC4CADC7DB5
C:\WINDOWS\System32\drivers\tcpip.sys 2F10C145F517419E17203632FCDA0A13
C:\WINDOWS\system32\DRIVERS\tcpip.sys 2F10C145F517419E17203632FCDA0A13
C:\WINDOWS\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\WINDOWS\system32\DRIVERS\tdx.sys E0BD2D83875464FEEEB242CBA8B7E073
C:\WINDOWS\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\WINDOWS\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F
C:\WINDOWS\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\WINDOWS\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\WINDOWS\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42
C:\WINDOWS\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\WINDOWS\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\WINDOWS\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\WINDOWS\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6
C:\WINDOWS\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\WINDOWS\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\WINDOWS\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\WINDOWS\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\WINDOWS\system32\drivers\usbaudio.sys DF355EB0199198728027962DCFCDE5FB
C:\WINDOWS\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\WINDOWS\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\WINDOWS\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86
C:\WINDOWS\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB
C:\WINDOWS\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE
C:\WINDOWS\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E
C:\WINDOWS\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\WINDOWS\system32\DRIVERS\usbscan.sys 0F030491BA4A27BD46F8B8ACEEE83F1A
C:\WINDOWS\system32\DRIVERS\usbser.sys 029DFB6E5B38ADD45561A8CE0F60B331
C:\WINDOWS\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130
C:\WINDOWS\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8
C:\WINDOWS\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0
C:\WINDOWS\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB
C:\WINDOWS\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\WINDOWS\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\WINDOWS\System32\drivers\vhdmp.sys 8ABB4BABF59F092DF0B43778D8FD1884
C:\WINDOWS\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\WINDOWS\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\WINDOWS\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\WINDOWS\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241
C:\WINDOWS\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\WINDOWS\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D
C:\WINDOWS\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732
C:\WINDOWS\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\WINDOWS\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\WINDOWS\System32\drivers\vwifibus.sys 71066FF95C487327E44C8AF1B72EBE8B
C:\WINDOWS\system32\DRIVERS\vwififlt.sys 29AB43937FFDA0B0FB56984226E698C6
C:\WINDOWS\system32\DRIVERS\vwifimp.sys 8B8624A93E3F88CB923AEB05B6313227
C:\WINDOWS\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\WINDOWS\System32\drivers\WdBoot.sys 81285DDC994F03379DB46419300B2DCB
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\WINDOWS\System32\drivers\WdFilter.sys 26B8FED3F3B85F5F0C4BD03FD00B9941
C:\WINDOWS\System32\Drivers\WdNisDrv.sys CE67080F00E0AF32755096CEA6430ABA
C:\WINDOWS\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\WINDOWS\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\WINDOWS\System32\drivers\WinUSB.SYS 3AF1FA17F1C4ACBDB660D8F98B1A9C13
C:\WINDOWS\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\WINDOWS\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\WINDOWS\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\WINDOWS\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F
C:\WINDOWS\system32\DRIVERS\WSDScan.sys 58035FD3369879E02D65989C44D27450
C:\WINDOWS\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\WINDOWS\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\WINDOWS\System32\drivers\xb1usb.sys 01AD1FD7751E0E9F1C5704D38D21EC92
C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys 127702D90B07657E8421817D2D50A097

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 14:52 - 2017-03-10 14:52 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-03-10 03:57 - 2017-03-10 04:01 - 00139838 _____ C:\Users\Tyler\Downloads\Shortcut.txt
2017-03-10 03:55 - 2017-03-10 04:01 - 00094837 _____ C:\Users\Tyler\Downloads\Addition.txt
2017-03-10 03:53 - 2017-03-10 15:04 - 00051994 _____ C:\Users\Tyler\Downloads\FRST.txt
2017-03-10 03:52 - 2017-03-10 15:04 - 00000000 ____D C:\FRST
2017-03-10 03:51 - 2017-03-10 03:51 - 02423808 _____ (Farbar) C:\Users\Tyler\Downloads\FRST64.exe
2017-03-10 02:47 - 2017-03-10 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-04 14:23 - 2017-03-04 14:23 - 00000000 ____D C:\ProgramData\UniqueId
2017-03-04 14:22 - 2017-03-04 14:22 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-03-04 14:19 - 2017-03-04 14:24 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Anvsoft
2017-03-04 14:19 - 2017-03-04 14:19 - 00000000 ____D C:\Users\Tyler\Documents\Any Audio Converter
2017-03-04 14:18 - 2017-03-04 14:25 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2017-03-04 06:07 - 2017-03-04 06:08 - 00000000 ____D C:\Users\Tyler\Desktop\iZera
2017-02-24 17:21 - 2017-02-24 17:21 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-02-21 10:28 - 2017-02-21 10:28 - 00000000 ____D C:\Users\Tyler\Downloads\ohgrahm - 02 02 2017 19-27-58 - I KNOW A 1MIL REQ POINT GLITCH - type !glitch in the chat
2017-02-18 18:23 - 2017-02-18 18:24 - 45264336 _____ (ReviverSoft) C:\Users\Tyler\Downloads\PCReviverSetup(1).exe
2017-02-16 15:22 - 2017-02-16 15:25 - 11581544 _____ (SurfRight B.V.) C:\Users\Tyler\Downloads\hitmanpro_x64.exe
2017-02-16 13:23 - 2017-02-16 13:24 - 00554382 _____ C:\Users\Tyler\Downloads\Salt v Water.htm
2017-02-16 13:23 - 2017-02-16 13:24 - 00000000 ____D C:\Users\Tyler\Downloads\Salt v Water_files
2017-02-07 19:17 - 2017-02-07 19:17 - 00000000 ____D C:\Users\Tyler\D2LOD-1.14b-Installer-enUS
2017-01-30 17:24 - 2017-01-30 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-14 01:35 - 2017-01-14 01:35 - 00003402 _____ C:\WINDOWS\System32\Tasks\{051C424B-0D15-4EBD-9BAE-FD3CF311E0DC}
2016-12-24 16:05 - 2016-12-24 16:05 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc
2016-12-20 10:09 - 2016-12-20 10:09 - 00087069 _____ C:\Users\Tyler\Downloads\Team building..jpg
2016-12-15 00:31 - 2017-02-28 17:30 - 00003176 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-14 20:56 - 2016-12-02 00:43 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-14 20:56 - 2016-12-02 00:43 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-14 20:56 - 2016-12-02 00:41 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-14 20:56 - 2016-12-02 00:41 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-14 20:56 - 2016-10-20 23:44 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-14 20:56 - 2016-10-20 23:40 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-14 20:49 - 2016-11-20 07:54 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 20:49 - 2016-11-20 07:54 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 20:49 - 2016-11-20 05:59 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-14 20:49 - 2016-11-20 05:14 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-14 20:49 - 2016-11-20 04:23 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-14 20:49 - 2016-11-20 03:52 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 20:49 - 2016-11-17 08:19 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 20:49 - 2016-11-13 07:36 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-14 20:49 - 2016-11-13 06:08 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-14 20:49 - 2016-11-13 05:55 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-14 20:49 - 2016-11-13 05:38 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 20:49 - 2016-11-13 05:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-14 20:49 - 2016-11-13 05:23 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 20:49 - 2016-11-13 04:59 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-14 20:49 - 2016-11-13 04:53 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-14 20:49 - 2016-11-13 04:47 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 20:49 - 2016-11-13 04:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-14 20:49 - 2016-11-13 04:40 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-14 20:49 - 2016-11-13 04:15 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-14 20:49 - 2016-11-13 04:11 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 20:49 - 2016-11-13 04:08 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-14 20:49 - 2016-11-13 04:07 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 20:49 - 2016-11-13 04:05 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-14 20:49 - 2016-11-13 03:51 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 20:49 - 2016-11-13 03:50 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-14 20:49 - 2016-11-13 03:41 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-14 20:49 - 2016-11-13 03:35 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-14 20:49 - 2016-11-13 03:32 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-14 20:49 - 2016-11-13 03:32 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-14 20:49 - 2016-11-11 13:03 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 20:49 - 2016-11-10 03:55 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 20:49 - 2016-11-06 07:16 - 00422744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-14 20:49 - 2016-11-06 05:05 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 20:49 - 2016-11-06 04:27 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 20:49 - 2016-11-06 03:41 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 20:49 - 2016-11-06 02:26 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-14 20:49 - 2016-11-06 02:16 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-14 20:49 - 2016-10-28 13:26 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-14 20:49 - 2016-10-28 00:58 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-14 20:49 - 2016-10-13 08:19 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-14 20:49 - 2016-10-13 07:41 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-14 20:49 - 2016-10-12 03:15 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-14 20:49 - 2016-10-11 10:01 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-14 20:49 - 2016-10-11 04:48 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-14 20:49 - 2016-10-11 04:48 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-14 20:49 - 2016-10-10 00:47 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-14 20:49 - 2016-10-10 00:38 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-14 20:49 - 2016-10-10 00:38 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-14 20:49 - 2016-10-09 08:54 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-14 20:49 - 2016-10-09 08:01 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-14 20:49 - 2016-10-09 07:40 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-14 20:49 - 2016-10-06 00:31 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-14 20:49 - 2016-10-06 00:30 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-14 20:49 - 2016-10-06 00:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-14 20:49 - 2016-10-06 00:22 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-14 20:49 - 2016-10-06 00:22 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-14 20:49 - 2016-10-05 14:45 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-14 20:49 - 2016-10-05 14:45 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-14 20:49 - 2016-10-05 14:45 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-14 20:49 - 2016-10-05 14:45 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-14 20:49 - 2016-09-28 06:46 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-12-14 20:49 - 2016-09-21 09:00 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-14 00:46 - 2017-01-14 01:35 - 00000000 ____D C:\Users\Tyler\AppData\Local\chromium
2016-12-12 00:00 - 2016-12-12 00:00 - 00040050 _____ C:\Users\Tyler\Downloads\lol moi.jpg

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-05 14:22 - 2013-08-23 02:06 - 00000000 ____D C:\WINDOWS\Tasks
2017-03-10 14:49 - 2013-08-23 02:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 14:45 - 2016-11-21 03:44 - 00000274 _____ C:\WINDOWS\Tasks\{46ECFCC6-6E67-D2BA-67FA-53ACE75CE130}.job
2017-03-10 14:45 - 2014-01-18 11:13 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2017-03-10 14:42 - 2014-04-30 23:46 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-662298655-4248247804-1699957461-1002
2017-03-10 14:41 - 2014-11-21 19:14 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-10 14:41 - 2013-08-23 00:06 - 00000000 ____D C:\WINDOWS\Inf
2017-03-10 14:40 - 2014-05-12 21:16 - 00000000 ___DO C:\Users\Tyler\OneDrive
2017-03-10 14:37 - 2016-11-16 17:24 - 00000000 ____D C:\Users\Tyler\AppData\LocalLow\Mozilla
2017-03-10 14:37 - 2015-03-12 20:57 - 00000624 _____ C:\WINDOWS\Tasks\MATLAB R2012a Startup Accelerator.job
2017-03-10 14:36 - 2015-07-22 18:19 - 00000504 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-03-10 14:36 - 2015-02-09 02:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-10 14:36 - 2013-08-23 01:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 04:36 - 2014-05-02 23:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-10 04:14 - 2016-11-21 03:44 - 00001000 _____ C:\WINDOWS\Tasks\Search Provided by Bing lafan.job
2017-03-10 03:12 - 2016-11-02 18:35 - 00000000 ____D C:\Yu-Gi-Oh! The Dawn of a New Era
2017-03-10 03:11 - 2015-06-07 22:39 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-10 03:04 - 2015-06-07 22:41 - 00000000 ____D C:\Users\Tyler\AppData\Local\Steam
2017-03-10 02:47 - 2015-06-10 00:25 - 00001867 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-09 22:14 - 2016-11-21 03:44 - 00000000 ____D C:\ProgramData\{0673C310-8C31-49D6-0AF7-D79490B55C5A}
2017-03-09 20:45 - 2016-11-16 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-09 20:45 - 2014-04-30 02:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 06:34 - 2016-04-01 18:34 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-08 21:43 - 2014-04-30 02:16 - 00000000 ____D C:\Users\Tyler\AppData\Local\Packages
2017-03-06 14:26 - 2016-10-16 01:20 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\discord
2017-03-06 02:34 - 2015-12-02 13:16 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Skype
2017-03-05 15:49 - 2015-02-09 02:33 - 00000000 ____D C:\Users\UpdatusUser
2017-03-05 15:47 - 2015-02-09 02:33 - 00000000 ____D C:\Users\Tyler
2017-03-05 12:46 - 2013-08-23 02:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-04 14:26 - 2015-06-01 02:07 - 00000000 ____D C:\ProgramData\WinZip
2017-03-04 14:25 - 2015-11-01 23:20 - 00000000 ____D C:\Program Files (x86)\Majenko Technologies
2017-03-04 14:15 - 2013-08-23 02:06 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-02 09:13 - 2013-08-23 02:06 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 09:12 - 2014-04-30 22:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-01 02:18 - 2016-09-04 17:06 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-28 17:37 - 2016-10-16 01:20 - 00002212 _____ C:\Users\Tyler\Desktop\Discord.lnk
2017-02-28 17:37 - 2016-10-16 01:20 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-28 17:37 - 2016-10-16 01:19 - 00000000 ____D C:\Users\Tyler\AppData\Local\Discord
2017-02-28 17:30 - 2016-04-23 14:26 - 00002342 _____ C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-02-28 17:30 - 2015-02-09 02:39 - 00003184 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-662298655-4248247804-1699957461-1002
2017-02-27 14:55 - 2016-11-21 03:44 - 00000000 ____D C:\Users\Tyler\AppData\Local\JDownloader v2.0
2017-02-24 17:21 - 2014-01-18 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-02-24 00:07 - 2014-05-05 13:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 00:07 - 2012-07-26 18:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 00:05 - 2014-05-05 13:36 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 23:55 - 2016-03-22 10:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-17 12:36 - 2014-05-02 23:48 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-17 12:36 - 2013-08-23 02:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-17 12:36 - 2013-08-23 02:06 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-16 15:26 - 2015-06-10 00:25 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-16 15:26 - 2015-02-15 19:23 - 00001712 _____ C:\WINDOWS\System32\Tasks\{7336F4F9-88FB-446F-968E-C9E1A663F1FE}
2017-02-16 15:26 - 2015-02-09 17:03 - 00002634 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EA12E85B-7095-491F-9947-386CF588C7E9}
2017-02-16 15:26 - 2014-01-18 11:06 - 00001826 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-02-08 16:54 - 2014-05-01 21:01 - 08462848 ___SH C:\Users\Tyler\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2016-11-22 00:44 - 2017-01-09 00:45 - 0000320 _____ () C:\Users\Tyler\AppData\Roaming\WB.CFG
2014-06-06 15:32 - 2014-06-06 15:32 - 0001238 _____ () C:\Users\Tyler\AppData\Local\recently-used.xbel
2014-01-18 11:05 - 2014-01-18 11:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-15 19:19 - 2015-02-15 19:19 - 0000032 _____ () C:\ProgramData\Temp.log
2014-01-18 11:13 - 2014-01-18 11:13 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-18 11:12 - 2014-01-18 11:12 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-18 11:12 - 2014-01-18 11:13 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-18 11:12 - 2014-01-18 11:12 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-01-18 11:13 - 2014-01-18 11:13 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\Windows\Tasks\{46ECFCC6-6E67-D2BA-67FA-53ACE75CE130}.job


Some files in TEMP:
====================
2017-02-27 14:55 - 2017-02-27 14:55 - 0040448 ____N () C:\Users\Tyler\AppData\Local\Temp\proxy_vole260967733898551096.dll
2017-02-27 14:55 - 2017-02-27 14:55 - 0040448 ____N () C:\Users\Tyler\AppData\Local\Temp\proxy_vole29022568579514194.dll
2017-02-27 14:55 - 2017-02-27 14:55 - 0040448 ____N () C:\Users\Tyler\AppData\Local\Temp\proxy_vole4222765312314003305.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {5537ee52-1da7-11e6-801a-806e6f6e6963}
                        {5537ee50-1da7-11e6-801a-806e6f6e6963}
                        {5537ee51-1da7-11e6-801a-806e6f6e6963}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {22c69c33-7fde-11e3-8e58-ecf4bb047ebe}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {5537ee50-1da7-11e6-801a-806e6f6e6963}
description             EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier              {5537ee51-1da7-11e6-801a-806e6f6e6963}
description             EFI DVD/CDROM

Firmware Application (101fffff)
-------------------------------
identifier              {5537ee52-1da7-11e6-801a-806e6f6e6963}
description             EFI Network

Firmware Application (101fffff)
-------------------------------
identifier              {b6ed7931-934e-11e6-8059-54271e32dee6}
description             UEFI Onboard LAN IPv4

Firmware Application (101fffff)
-------------------------------
identifier              {b6ed7932-934e-11e6-8059-54271e32dee6}
description             UEFI Onboard LAN IPv6

Windows Boot Loader
-------------------
identifier              {22c69c30-7fde-11e3-8e58-ecf4bb047ebe}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{22c69c31-7fde-11e3-8e58-ecf4bb047ebe}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{22c69c31-7fde-11e3-8e58-ecf4bb047ebe}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {22c69c35-7fde-11e3-8e58-ecf4bb047ebe}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {22c69c33-7fde-11e3-8e58-ecf4bb047ebe}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {22c69c35-7fde-11e3-8e58-ecf4bb047ebe}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{22c69c36-7fde-11e3-8e58-ecf4bb047ebe}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{22c69c36-7fde-11e3-8e58-ecf4bb047ebe}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {c784cc7b-7fd3-11e3-8227-ecf4bb047ebe}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{c784cc7c-7fd3-11e3-8227-ecf4bb047ebe}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{c784cc7c-7fd3-11e3-8227-ecf4bb047ebe}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {22c69c33-7fde-11e3-8e58-ecf4bb047ebe}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {22c69c35-7fde-11e3-8e58-ecf4bb047ebe}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {c784cc79-7fd3-11e3-8227-ecf4bb047ebe}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {22c69c30-7fde-11e3-8e58-ecf4bb047ebe}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {22c69c31-7fde-11e3-8e58-ecf4bb047ebe}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {22c69c32-7fde-11e3-8e58-ecf4bb047ebe}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {22c69c36-7fde-11e3-8e58-ecf4bb047ebe}
description             Windows Recovery
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {c784cc7c-7fd3-11e3-8227-ecf4bb047ebe}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2017-03-09 21:44

==================== End of FRST.txt ============================
 
Last edited by a moderator:
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

Please run FRST again according to the instructions below without changing any options. Use Upload a File option to attach reports as documents.

FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    23.2 KB · Views: 33
H

HelloINeedHelp

New Member
Thread author
Verified
Mar 9, 2017
17
This is the fixlog.txt What should I do next? It still states that two of the HKLM/Software issues are still present... the HKU\S-1-5-21 has been removed.
 

Attachments

  • Fixlog.txt
    48.7 KB · Views: 2
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
H

HelloINeedHelp

New Member
Thread author
Verified
Mar 9, 2017
17
I ran anti-Malware afterwards which quarantined some threats... and they appear to have gone from my computer, however my computer still runs slow and the HKLM\Software... threats are still apparent.
 
H

HelloINeedHelp

New Member
Thread author
Verified
Mar 9, 2017
17
A "ReviverSoft" with the specification of HKLM\SOFTWARE\Classes\TypeLib And another "ReviverSoft" with the specification of HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib. I may also have spyware on my computer that was going across facebook messenger and applications. :/
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy ReviverSoft into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    568 bytes · Views: 12
H

HelloINeedHelp

New Member
Thread author
Verified
Mar 9, 2017
17
Still slow input, but alot better... may need to check for spyware too? Dunno what is happening. Attempting to type but computer cannot keep up with the keyboard. :/
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
2,494
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
2,274
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
2,353
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top