Showing results for tags 'MBAR'.

Found 25 results

  1. After running the anti-rootkit scanner, going through the normal procedure and restarting my computer, my keyboard and mouse suddenly and randomly stop working. I have uninstalled and reinstalled the USB root hubs, and different mice and keyboards do not resolve the issue, forcing me to reboot. Please help.
  2. I have a Windows 10 Home device whose user I am trying to assist in resolving an issue. The user is getting a "The Requested Resource is in use" error, especially when she tries to run any EXEs. After a quick look over, I noticed that she has Svcvmx.exe running and that it is in %UserProfile%\AppData\Local\ntuserlitelist\. It is blocking the ability to run any cleaner programs (such as Malwarebytes Anti-Malware), starting the anti-virus program, etc. The only program that I have been able to run so far is MBAR, and it finds this and other items quickly; however, it currently shows 7195 Malware Found but is stuck in the "Not Responding" state. Any ideas?
  3. Hello, I have found in Task Manager five Windows process managers (32 bit). Every time I launch a game on Steam, one or two of them would suddenly jump from 60% to 80% CPU usage. I have searched for a solution, scanned with Malwarebytes Free and AdwCleaner, but nothing worked. Then I got MBAR, but it just does not start. When I launch it, it would ask for administrator permission, and then nothing would happen.

     Malwarebytes log:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 12/22/17
     Scan Time: 9:43 AM
     Log File: 6cf58efe-e726-11e7-901b-4ccc6a8170c6.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3543
     License: Free

     -System Information-
     OS: Windows 10 (Build 15063.786)
     CPU: x64
     File System: NTFS
     User: MSI\Legitozone (H)

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 351463
     Threats Detected: 5
     Threats Quarantined: 3
     Time Elapsed: 3 min, 52 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 5
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXF.DLL, Removal Failed, [1136], [296186],1.0.3543
     PUP.Optional.RelevantKnowledge, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\TEMP\~OSCD9C.TMP\RLXG.DLL, Removal Failed, [1136], [296186],1.0.3543
     PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Sync Data\SyncData.sqlite3, Replaced, [532], [454835],1.0.3543
     PUP.Optional.Conduit, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Replaced, [532], [454835],1.0.3543
     PUP.Optional.Trovi, C:\USERS\LEGITOZONE (H)\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Replaced, [4703], [454808],1.0.3543
     Physical Sector: 0 (No malicious items detected)

     (end)

     AdwCleaner log:

     # AdwCleaner 7.0.4.0 - Logfile created on Fri Dec 22 14:57:08 2017
     # Updated on 2017/27/10 by Malwarebytes
     # Database: 12-21-2017.1
     # Running on Windows 10 Home (X64)
     # Mode: scan
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     PUP.Optional.Legacy, C:\ProgramData\Tencent
     PUP.Optional.Legacy, C:\ProgramData\Application Data\Tencent
     PUP.Optional.Legacy, C:\Users\All Users\Tencent

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     No malicious registry entries found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries.

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries.

     *************************
     C:/AdwCleaner/AdwCleaner[C0].txt - [2112 B] - [2017/11/2 23:13:50]
     C:/AdwCleaner/AdwCleaner[C1].txt - [1556 B] - [2017/11/26 5:31:49]
     C:/AdwCleaner/AdwCleaner[C2].txt - [1564 B] - [2017/11/27 15:30:46]
     C:/AdwCleaner/AdwCleaner[S0].txt - [2059 B] - [2017/11/2 23:13:30]
     C:/AdwCleaner/AdwCleaner[S1].txt - [1590 B] - [2017/11/26 5:25:15]
     C:/AdwCleaner/AdwCleaner[S2].txt - [1449 B] - [2017/11/26 5:28:29]
     C:/AdwCleaner/AdwCleaner[S3].txt - [1414 B] - [2017/11/27 15:29:53]
     C:/AdwCleaner/AdwCleaner[S4].txt - [1423 B] - [2017/12/1 21:59:41]
     C:/AdwCleaner/AdwCleaner[S5].txt - [1491 B] - [2017/12/2 15:42:21]
     C:/AdwCleaner/AdwCleaner[S6].txt - [1559 B] - [2017/12/6 19:20:20]
     C:/AdwCleaner/AdwCleaner[S7].txt - [1627 B] - [2017/12/10 2:8:35]
     C:/AdwCleaner/AdwCleaner[S8].txt - [1823 B] - [2017/12/22 14:35:53]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########
  4. I'm not getting an answer on this in the MBAE forum. MBAR seems like it's most responsible for me seeing the TMP files. What's that about? MBAE and MBAR, Access Denied, visible TMP files - Anti-Exploit Beta - Malwarebytes Forums . . . https://forums.malwarebytes.com/topic/214152-mbae-and-mbar-access-denied-visible-tmp-files/
  5. I'm trying both of these: MBAE and MBAR. I see that they don't auto-update. How often do they update? MBAE gives you the version number in the file name, but not MBAR. Any idea why? That's useful to know.
     MBAE
     1.10.1.41 . . . mbae-setup-1.10.1.41.exe
     1.11.1.18 . . . mbae-setup-1.11.1.18.exe
     MBAR
     mbarw-setup-consumer-0.9.18.807.exe . . . 0.9.18.807-1.1.117
     mbarw-setup-consumer-0.9.18.807.exe . . . 0.9.18.807-1.1.86
  6. RUNNING WINDOWS 7! I logged on to my computer the other day and realized Explorer.exe was taking over 80% of my CPU. But that wasn't all. There were two "client" applications running (according to Task Manager) and a couple of vxmclients running in Processes that would also take up 10%. I searched the problem; nobody had a real answer. I decided to turn to MBAR. I scanned probably 3-4 times and it would find malware, but it would freeze and not respond every time. I decided to separate the areas to scan. First I did drivers; it found 1 and cleaned it up (woo!). Then sectors; didn't find anything. System is where it found a lot, but it froze up. Yes, I updated it every time. I'm sorry if this is rude in any way; I am really frustrated (not at you). As you can tell from my username, it is my baby. Any help is extremely appreciated.
  7. Hey guys, sorry about necro-ing this thread but I do have the exact same issue as EniNeu. A scan with GMER reveals this as well:
     Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!!
     Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!!
     I am wondering if I should attempt deletion through GMER or if there is a better way. Just in case this might be a false positive, I've attached a log of the complete scan. Thank you in advance, CHRONOS
     gmer scan 03.05.17.log
  8. First of all, thank you to this forum and its staff for providing solutions. I had "Resources in use" when starting antivirus or antispyware programs, similar to other users that I read about here. Unable to start any antivirus or software at all. Windows Defender can be run but did not detect anything. Log files are attached if staff can shed light on what kind of virus it is. I could NOT run Malwarebytes Anti-Rootkit Beta (or MBAR); it gave the "Resource in use" error message. I finally was able to run the MBAR that I could NOT run before. It may be because I "end tasked" some suspected processes and deleted some Registry entries related to the said processes. It took many tries and lots of methods recommended by staff here. None worked until somehow I was able to run MBAR, as mentioned before, then "clean up", restart, and I am running antivirus and antispyware scans now. Usually, I run both SUPERAntiSpyware and Malwarebytes and it solved all the problems. Again, thank you Malwarebytes forum!
     JRT1.txt
     FRST_28-03-2017 00.31.41.txt
     Addition_28-03-2017 01.37.00.txt
     MalwareBytes-after.virus.removed.txt
  9. Hello Malwarebytes Support, I am inquiring about Malwarebytes Anti-Rootkit Beta detecting a possible rootkit due to appinit_dlls being present; upon clicking yes to remove the registry value, MBAR crashed. I restarted the application and it replied that it did not detect any malware. The only system change I made between today and yesterday was the addition of Zemana Anti-Logger, as HitmanPro.Alert kept crashing and failed to encrypt my keystrokes. I confess I immediately removed Zemana Anti-Logger and ran Norton Antivirus's full scan, MBAM's full scan, and MBAR's full scan. I fell asleep with my PC connected to the Internet last night, but am unsure if that would be an issue considering it was solely downloading a Steam title. Thank you for the assistance!
     FRST.txt
     Addition.txt
  10. Okay, I think this is probably my first post on the forums, so I apologize for being a noob and doing whatever annoying things noobs do before they get a clue. That said, I am pretty positive I have a rootkit. It's a quiet and crafty sort; from the beginning there were no obvious signs of infection, there wasn't any slowing or memory leaking, no unusual traffic noted. I felt like something was off, but I couldn't pinpoint what until I got the first warning message from MBAM (see Exploit Blocking below). Now I notice that all my desktop icons are rearranged and suddenly there is a bit of dead space at the bottom where I can no longer move any icons, though that's kind of the least of my worries. Please see all the notes below and txt files (assuming I can figure out how to attach them!). I believe the initial infection came from a popup/pop-under (can't recall which, sorry!) at http://www (dot) nowvideo (dot) sx/video/11bb079eff255 while using Chrome. Yes, I run AdBlock Plus, Ghostery, and have all my many browsers configured to block popups, and I never have any issues on any other sites, but this one managed to get around all that. I threw everything I could think of at this but I really just feel like I'm chasing it from one corner to another. Any help would be thoroughly appreciated.
      MBAM:
      * Initial error message that an exploit was blocked in PowerShell (see txt file)
      * Scans Clean - All Scans
      * Starts up as normal, except Web Protection is shut off
      * On first load, Web Protection can be re-enabled
      * At some point, Web Protection will return to off, and Exploit Protection goes with it
      * Exploit Protection can be re-enabled, but it will switch off again
      * On attempting to re-enable Web Protection, it will forever say "Starting..." until next reboot
      ~~~
      MBAR:
      * Scans clean
      ~~~
      Avast:
      * Scans clean
      ~~~
      TrendMicro Housecall:
      * Scans clean
      ~~~
      GMER:
      * Initially found the following:
        Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!!
        Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!!
      * Attempted deletion (through GMER) of all three, but WdBoot failed.
      ~~~
      aswMBR:
      * Ran after GMER. The service below popped up, but aswMBR was unable to fix the issue (see full log).
        23:05:02.343 Service WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys **LOCKED**
      * Subsequent attempts to run aswMBR result in a BSOD for the reason "Page fault in non-paged area" and then a forced restart.
      ~~~
      JRT:
      * Nothing to report
      ~~~
      HitmanPro:
      * Found buckets of cookies in all browsers, including Internet Explorer and Edge, which I NEVER use. All cookies were deleted. This was the initial confirmation something was up.
      ~~~
      rKill:
      * A couple of issues popped up, nothing glaring... See txt.
      ~~~
      ADW Cleaner:
      * No issues found
      ~~~
      FRST:
      * See txt
      ~~~
      RootKitRemover (McAfee):
      * Scanned Clean
      hijackthis 2-14-17.log
      MBAM - Exploit Blocked.txt
      Rkill 2-13-17.txt
      aswMBR 2-14-17.txt
      FRST 2-14-17.txt
      GMER Full 2-15-17.log
      GMER Pert 2-15-17.txt
  11. 1. Malwarebytes 3.0 premium/trial and beta stand-alone protection agents
      Let's consider this scenario. We have a user that uses Malwarebytes 3.0 Premium or Trial but who also wants to beta test at least one stand-alone protection agent. While there is no reason to do this at this moment, considering this timeline:

      Stand-alone protection agent - latest public beta | Announce date
      ------------------------------------------------- | -------------
      Malwarebytes Anti-Ransomware v.0.9.17.661          | September 6
      Malwarebytes Anti-Exploit v1.9.1.1280              | December 5
      Malwarebytes 3.0                                   | December 8

      this issue will definitely come into play later on. At this moment it is safe to assume that Malwarebytes 3.0 includes these agents' functionality as implemented in their latest versions outlined in this table, but this is bound to change. I theoretically see only one way for this - disable the real-time protection layer in Malwarebytes 3.0 that the user intends to substitute with the beta agent implementation. While this looks like a neat workaround, it has some problems:
      - Malwarebytes 3.0 will keep bragging that one or more protection layers are disabled;
      - I didn't test this, but there could be conflicts - most likely device driver overlaps - and it is unsupported.
      Updated: made a check with Autoruns and there will definitely be driver overlaps (mbae64.sys and farflt.sys).
      Related: https://forums.malwarebytes.org/topic/191882-how-install-malwarebytes-30-anti-exploit-free-in-the-same-time/
      2. Late alert about protection disabled during database update
      This known issue is pretty annoying, considering that nobody mentioned the fact that this alert, which comes late and informs about an event that has already expired, also steals input focus. Most comprehensive thread: https://forums.malwarebytes.org/topic/191921-not-fully-protected/
      3. The dashboard doesn't mention the database version and, most importantly, the last definition update
      The dashboard only mentions whether databases are current. Although I can look up the database version in Settings - About, the time of the last definition update can only be looked up from logs: %ProgramData%\Malwarebytes\MBAMService\dbupdate.log. This needs improvement.
      4. The Reports panel needs some organising per day. It will quickly get cluttered.
  12. Hello, I had downloaded the Beta of MBAR, and it was working fine. After about a month, I noticed in my tray that it got a message that said "Anti Ransomware Protection is Disabled". So I clicked on "Fix Now" AND "Start Protection". Neither one worked and the MBAR software sits, disabled, on my computer. I am running version (BETA) 0.9.16.484. I am running Windows 10 on a new HP Pavilion computer. Any help, tips etc. would be appreciated.
  13. When deleting a folder on Server 2012 R1, I had to disable protection to be able to delete files via Windows Explorer from the inetpub folder for websites.
  14. Hello there, my situation is very tough from my point of view. I'm using Windows XP SP3 build 2600, everything working normally. But today my computer stopped working almost completely and won't start in normal mode, just as if something damaged my HDD. I went into safe mode and then remembered I had my very old OS system and wanted to make a recovery, but then the blue screen would come up, so I discarded that possibility totally. After that I tried MBAM with Chameleon but, to my surprise, the DDA driver couldn't be installed! As far as I know the DDA driver should work perfectly in safe mode, so then I realized that the main problem wasn't a boot problem, it was a rootkit. OKAY NOW you barely know my situation: I tried MBAR but the driver won't install due to the rootkit; I tried several times getting Chameleon executed first, then MBAR, but nothing. You could be thinking that I have to reboot and let the driver install normally... but wait! I am in safe mode and I can't go into normal mode due to the rootkit! Safe mode will just delete any scheduled operations no matter what program schedules them. Maybe I'm skipping something important here or misunderstanding how safe mode works, or even a bad configuration (I don't think so, I've been using MB products for a very long time now), but what matters now is that I need the driver installed under these circumstances. Formatting is not an option; I have a ton of important files and backing them up is unreal. I need help. Thanks for reading guys, I'm relying on you! Zantetsuken.
  15. Windows 7 Professional, SP1; NIS 22.6.0.142. Installed MBAR several days ago. NIS issued an update that required a reboot. On restart the icons had been rearranged and set to medium size. The NIS History (as well as I understand it) suggests that NIS is treating mbamservice.exe as an intrusion. I realize mbamservice.exe is not mbarw.exe. But the described behavior is coincidental with the mbarw.exe install and the NIS update. Bill
  16. Hi, I installed the beta version of Malwarebytes Anti-Ransomware yesterday and after installation it asked me to reboot my machine. I am on an Asus k55vj running Windows 10. After the reboot, I got a notification that Chrome had been detected as infected with ransomware activity. It asked me to reboot again to finish the cleanup. After I did, I could not sign in to my user; I was taken to a temp user profile. I tried to use the "Startup Repair" of Windows 10. It finished without any errors found. I just turned the machine off... Today, I booted into my old user profile and it let me in. But then MB Anti-Ransomware gave another alert that software distribution is infected. Had a restart. After that, Firefox and Edge are acting funny, as they open a new window when I click on them. I have been reading this forum for quite some time, so I already ran FRST and here's the result of the scan. Can someone let me know how to interpret the scan logs and the next steps please... appreciate it. Just scanned a few mins ago. Thanks!
osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) Edge: ====== Edge HomeButtonPage: HKU\S-1-5-21-1844098555-2217923043-3675393532-1002 -> hxxp://www.yandex.ru/?win=212&clid=2100767-002 FireFox: ======== FF ProfilePath: C:\Users\JacJefferson\AppData\Roaming\Mozilla\Firefox\Profiles\xqvcojme.default-1436817673206 FF SelectedSearchEngine: Яндекс FF Session Restore: -> is enabled. 
FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "socks", "71.205.115.155" FF NetworkProxy: "socks_port", 65535 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-15] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google 
Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Extension: Lightbeam - C:\Users\JacJefferson\AppData\Roaming\Mozilla\Firefox\Profiles\xqvcojme.default-1436817673206\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-12-06] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found Chrome: ======= CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp CHR StartupUrls: Default -> "hxxps://inbox.google.com/?pli=1","hxxps://accounts.google.com/Login","hxxp://moz.com/","hxxp://semrush.com/","hxxp://buzzsumo.com/","hxxp://drive.google.com/","hxxp://www.windowsxlive.net/","hxxp://www.google.com" CHR Profile: C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (SEOquake) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-01-20] CHR Extension: (Google Docs) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19] CHR Extension: (Google Drive) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19] CHR Extension: (oscraper) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoedkafpknpijecolafolipaidgjcoo [2016-01-20] CHR Extension: (Genius Web Annotator) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccaokncpmmjiakalbcfdbfmpcaiddjdn [2016-01-20] CHR Extension: (OneTab) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-01-27] CHR Extension: (Google Search) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19] CHR Extension: (BuiltWith Technology Profiler) - 
C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2016-01-20] CHR Extension: (High Contrast) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-01-20] CHR Extension: (MozBar) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-01-24] CHR Extension: (Gmail Offline) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-01-20] CHR Extension: (Google Calendar) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-20] CHR Extension: (Blur) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2016-01-20] CHR Extension: (Peek) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffccoaooonomblpmkaidfhphgjgkimod [2016-01-20] CHR Extension: (Chrome Remote Desktop) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-01-20] CHR Extension: (Google Docs Offline) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-19] CHR Extension: (Vysor (Beta)) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2016-01-20] CHR Extension: (UX Check) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\giekhiebdpmljgchjojblnekkcgpdobp [2016-01-20] CHR Extension: (AdBlock) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20] CHR Extension: (Asana) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hffokgiicnnkgaodkpofkcgpdmkdpebj [2016-01-20] CHR 
Extension: (Similar Sites Pro) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl [2016-01-24] CHR Extension: (SimilarWeb - Site Traffic Sources and Ranking) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2016-01-20] CHR Extension: (Ubersuggest CPC & Search Volume Enhancer) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hopggcicaffnjomhjjpogcelclkbnigp [2016-01-20] CHR Extension: (META SEO inspector) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef [2016-01-20] CHR Extension: (JacReyes.com) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhopmchchfpfdcdjodmpfaaphdclmlj [2016-01-20] CHR Extension: (SimpleExtManager) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2016-01-20] CHR Extension: (Momentum) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-01-23] CHR Extension: (Evernote Web) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-01-20] CHR Extension: (Wordtracker Scout) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkalodfoplipapmeogaehmiabdhhjapb [2016-01-20] CHR Extension: (SEO Peek) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkpfhgjmocgneajknedjhodkjkkclod [2016-01-20] CHR Extension: (Asana) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkcmbfnknnkmbdbdhflbidiigecfln [2016-01-20] CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2016-01-20] CHR Extension: (GTM 
DevTools Sidebar Panes) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpchkkljkimifenglmblhnklbngejfh [2016-01-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-19] CHR Extension: (Evernote Web Clipper) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-01-20] CHR Extension: (Gmail) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19] CHR Extension: (Inbox by Gmail) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-01-20] CHR Profile: C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-20] CHR Extension: (Google Docs) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-20] CHR Extension: (Google Drive) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-20] CHR Extension: (YouTube) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-20] CHR Extension: (Google Search) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-20] CHR Extension: (Советник Яндекс.Маркета) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjdjkkjoiomafnihnobkinnfjnnlhdg [2016-01-20] CHR Extension: (Google Sheets) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-20] 
CHR Extension: (Avira Browser Safety) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-01-20] CHR Extension: (Google Docs Offline) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-20] CHR Extension: (Skype) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-20] CHR Extension: (Яндекс) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdeldjolamfbcgnndjmjjiinnhbnbnla [2016-01-20] CHR Extension: (Chrome Web Store Payments) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-20] CHR Extension: (Gmail) - C:\Users\JacJefferson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1844098555-2217923043-3675393532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKLM-x32\...\Chrome\Extension: [mdeldjolamfbcgnndjmjjiinnhbnbnla] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-16] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-07] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-06] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-21] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-21] (Dropbox, Inc.) 
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7152128 2015-05-28] (SecureMix LLC) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-10-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-07] (Lenovo) R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3124536 2016-01-25] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-04] (Malwarebytes) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-24] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] () R3 athr; C:\Windows\System32\drivers\athw10x.sys [4323976 2015-11-17] (Qualcomm Atheros Communications, Inc.) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-07] (ASUSTek Computer Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-27] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-16] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-16] (Avira Operations GmbH & Co. KG) R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [53024 2015-07-10] (Broadcom Corporation.) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation) R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [53464 2016-01-27] (Malwarebytes) R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC) R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-09-08] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( ) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-01-27] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185600 2015-10-08] (Intel Corporation) S3 necbatt; C:\Windows\System32\drivers\necbatt.sys [28512 2015-09-27] (NEC Personal Computers, Ltd.) 
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project) S3 tap0901cn; C:\Windows\System32\drivers\tap0901cn.sys [39616 2014-12-29] (Connectify) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-27] () S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 digitalpower; \SystemRoot\system32\drivers\digitalpower.sys [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-28 01:05 - 2016-01-28 01:05 - 00000000 ____D C:\FRST 2016-01-28 01:04 - 2016-01-28 01:03 - 02370560 _____ (Farbar) C:\Users\JacJefferson\Desktop\FRST64.exe 2016-01-28 00:46 - 2016-01-28 00:46 - 00016148 _____ C:\WINDOWS\system32\ZERO-DAY_JacJefferson_HistoryPrediction.bin 2016-01-27 07:54 - 2016-01-27 07:54 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-01-27 07:52 - 2016-01-27 07:52 - 00231814 _____ C:\WINDOWS\ntbtlog.txt 2016-01-27 05:47 - 2016-01-27 07:51 - 00000000 ____D C:\Users\TEMP 2016-01-27 05:47 - 2016-01-27 05:47 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer 2016-01-27 05:02 - 2016-01-27 05:02 - 00000847 _____ C:\Users\Public\Desktop\Speccy.lnk 2016-01-27 05:02 - 2016-01-27 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-01-27 05:02 - 2016-01-27 05:02 - 00000000 ____D C:\Program Files\Speccy 2016-01-27 03:24 - 2016-01-27 03:24 - 00325432 _____ C:\WINDOWS\Minidump\012716-31234-01.dmp 2016-01-27 03:14 - 2016-01-27 03:14 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\NVIDIA 2016-01-27 03:09 - 2016-01-27 23:22 - 00053464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2016-01-27 03:09 - 2016-01-27 03:09 - 00001956 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk 2016-01-27 03:09 - 2016-01-27 03:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-01-27 03:09 - 2016-01-27 03:09 - 00000000 ____D C:\Program Files\Malwarebytes 2016-01-27 03:06 - 2016-01-27 03:06 - 00000000 ___HD C:\$Windows.~BT 2016-01-27 03:05 - 2016-01-27 03:30 - 00000000 ___HD C:\$SysReset 2016-01-27 01:15 - 2016-01-27 01:15 - 00001249 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.4.lnk 2016-01-27 01:15 - 2016-01-27 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility 2016-01-27 01:15 - 2016-01-27 01:15 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update 
Utility 2016-01-26 23:58 - 2016-01-26 23:58 - 00309648 _____ C:\WINDOWS\Minidump\012616-35296-01.dmp 2016-01-26 23:53 - 2016-01-27 03:24 - 00000000 ____D C:\WINDOWS\Minidump 2016-01-26 23:53 - 2016-01-26 23:53 - 00328424 _____ C:\WINDOWS\Minidump\012616-27750-01.dmp 2016-01-26 23:52 - 2016-01-27 03:24 - 661340051 _____ C:\WINDOWS\MEMORY.DMP 2016-01-26 23:50 - 2016-01-26 23:50 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo 2016-01-26 05:37 - 2016-01-26 05:37 - 00000218 _____ C:\Users\JacJefferson\.recently-used.xbel 2016-01-25 05:34 - 2016-01-25 05:50 - 00001651 _____ C:\Users\JacJefferson\Desktop\UnionJac Experience Mail.lnk 2016-01-25 05:32 - 2016-01-25 05:32 - 00002613 _____ C:\Users\JacJefferson\Desktop\Reyes.Jac08.lnk 2016-01-24 13:44 - 2016-01-24 13:47 - 00000000 ____D C:\AdwCleaner 2016-01-22 12:15 - 2016-01-23 00:39 - 00000000 ____D C:\Users\JacJefferson\Desktop\mbar 2016-01-22 08:51 - 2016-01-22 09:34 - 00000000 ____D C:\Users\JacJefferson\AppData\LocalLow\uTorrent 2016-01-20 06:12 - 2016-01-20 06:12 - 00002460 _____ C:\Users\JacJefferson\Desktop\Main - Jac Reyes - Chrome.lnk 2016-01-20 06:09 - 2016-01-27 05:39 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2016-01-20 06:04 - 2016-01-20 06:04 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-01-20 02:48 - 2016-01-20 02:49 - 00000000 ____D C:\Program Files\Defraggler 2016-01-20 02:48 - 2016-01-20 02:48 - 00001775 _____ C:\Users\Public\Desktop\Defraggler.lnk 2016-01-20 02:48 - 2016-01-20 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler 2016-01-19 07:52 - 2016-01-19 07:52 - 00001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-19 07:52 - 2016-01-19 07:52 - 00001230 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-19 07:52 - 2016-01-19 07:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-19 07:52 - 
2016-01-19 07:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-19 07:36 - 2016-01-19 07:36 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-ZERO-DAY-Windows-10-Home-(64-bit).dat 2016-01-19 07:36 - 2016-01-19 07:36 - 00000000 ____D C:\RegBackup 2016-01-19 03:55 - 2016-01-19 07:51 - 00002346 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-01-19 03:55 - 2016-01-19 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-01-18 11:02 - 2016-01-18 11:02 - 00000000 ____D C:\WINDOWS\SysWOW64\NV 2016-01-18 11:02 - 2016-01-18 11:02 - 00000000 ____D C:\WINDOWS\system32\NV 2016-01-18 09:55 - 2008-04-15 07:00 - 01355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll 2016-01-18 09:55 - 1996-01-11 19:00 - 00935632 _____ (Microsoft Corporation) C:\WINDOWS\system\Vb40016.dll 2016-01-18 09:55 - 1996-01-11 19:00 - 00722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Vb40032.dll 2016-01-18 09:55 - 1993-05-11 12:00 - 00398416 _____ (Microsoft Corporation) C:\WINDOWS\system\Vbrun300.dll 2016-01-18 09:55 - 1992-10-20 17:00 - 00356992 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun200.dll 2016-01-18 09:55 - 1991-05-09 18:00 - 00271264 _____ C:\WINDOWS\system\vbrun100.dll 2016-01-18 09:54 - 2014-09-10 11:14 - 00163480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 00660120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 00617896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 00444328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MShflxgd.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 00416408 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx 2016-01-18 09:54 - 2013-11-25 08:27 - 00279192 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msdatgrd.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00259736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00222360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00219288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00218776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00212112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00179352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00131728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00130712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll
2016-01-18 09:54 - 2013-11-25 08:27 - 00127640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00119960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00108696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTKPRP.DLL
2016-01-18 09:54 - 2013-11-25 08:27 - 00104088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx
2016-01-18 09:54 - 2013-11-25 08:27 - 00084624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx
2016-01-18 09:54 - 2011-01-12 14:36 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2016-01-18 09:54 - 2011-01-12 14:25 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2016-01-18 09:54 - 2011-01-12 14:25 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2016-01-18 09:54 - 2011-01-12 14:19 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2016-01-18 09:54 - 2011-01-12 13:53 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2016-01-18 09:54 - 2007-01-30 11:04 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2016-01-18 09:54 - 2006-08-25 15:28 - 01017344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70u.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ita.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70fra.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70esp.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70deu.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70enu.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70kor.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70jpn.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70cht.dll
2016-01-18 09:54 - 2006-08-25 15:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70chs.dll
2016-01-18 09:54 - 2006-08-25 15:07 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2016-01-18 09:54 - 2006-08-25 14:17 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll
2016-01-18 09:54 - 2006-04-10 15:41 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL32.OCX
2016-01-18 09:54 - 2005-01-20 10:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll
2016-01-18 09:54 - 2002-01-04 20:40 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP70.DLL
2016-01-18 09:54 - 1994-11-17 16:00 - 00210944 _____ C:\WINDOWS\SysWOW64\msvcrt10.dll
2016-01-18 09:49 - 2016-01-27 04:49 - 00000444 _____ C:\WINDOWS\Tasks\Обновление Браузера Яндекс .job
2016-01-18 09:47 - 2016-01-18 10:44 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\DriverPack Notifier
2016-01-18 09:45 - 2016-01-18 10:35 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс
2016-01-18 09:45 - 2016-01-18 10:35 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Package Cache
2016-01-18 09:44 - 2016-01-18 09:44 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Chromium
2016-01-18 09:39 - 2016-01-18 10:22 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Opera Software
2016-01-18 09:39 - 2016-01-18 10:22 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Opera Software
2016-01-18 09:25 - 2016-01-18 09:25 - 00003260 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2016-01-18 08:57 - 2016-01-18 09:32 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-01-18 08:57 - 2015-12-17 22:49 - 00040080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-01-18 08:57 - 2015-12-16 06:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 14103608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 03184152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00445728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-18 08:57 - 2015-12-16 06:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-01-18 08:51 - 2015-12-17 20:48 - 04498889 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-01-18 08:51 - 2015-12-17 20:48 - 03299832 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 03195648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 03152591 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-01-18 08:51 - 2015-12-17 20:48 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-18 08:51 - 2015-12-17 20:48 - 02693360 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 02190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 02110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 02030208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01928624 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01356504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01286160 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 01008360 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00933640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00888480 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00873464 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00716104 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00596128 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00589080 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-01-18 08:51 - 2015-12-17 20:48 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00448584 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00224264 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00192984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00172576 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00158696 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-01-18 08:51 - 2015-12-17 20:48 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 13120760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 12986520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 10521552 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 05776680 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 05289944 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 03282024 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 02823280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 02437144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01601944 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01421104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01211832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01186160 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00998032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00952984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00923744 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00678184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00677672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00618184 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00369304 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00340648 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00330560 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00118600 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-01-18 08:50 - 2015-12-17 20:48 - 00084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 01155992 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 01151840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 00229656 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 00199088 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 00194360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-01-18 08:46 - 2015-10-14 12:47 - 00169368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-01-18 08:46 - 2015-10-14 12:46 - 11896096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2016-01-18 08:46 - 2015-10-14 12:46 - 10574992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-01-18 08:46 - 2015-10-14 12:46 - 03675560 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2016-01-18 08:46 - 2015-10-14 12:46 - 00467696 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2016-01-18 08:46 - 2015-10-14 12:46 - 00378824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2016-01-18 08:46 - 2015-10-14 12:37 - 00250360 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-01-18 08:46 - 2015-10-14 12:37 - 00202232 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-01-18 08:46 - 2015-10-14 12:35 - 00617976 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2016-01-18 08:46 - 2015-10-14 12:34 - 00382384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2016-01-18 08:46 - 2015-10-14 12:34 - 00379904 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2016-01-18 08:46 - 2015-10-14 12:34 - 00290216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-01-18 08:46 - 2015-10-14 12:34 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-01-18 08:46 - 2015-10-14 12:34 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 02035712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 01766912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00264192 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-01-18 08:46 - 2015-10-14 12:33 - 00204720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-01-18 08:46 - 2015-10-14 12:33 - 00193536 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00163840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00095232 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00078336 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00068096 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00039416 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00019456 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00019448 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00018936 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00013824 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2016-01-18 08:46 - 2015-10-14 12:33 - 00013816 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 08522240 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 06509056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 00232952 _____ C:\WINDOWS\system32\igdde64.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 00194560 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 00171000 _____ C:\WINDOWS\system32\igdail64.dll
2016-01-18 08:46 - 2015-10-14 12:32 - 00152568 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2016-01-18 08:46 - 2015-10-14 12:31 - 04374440 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00969128 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00555432 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00554920 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00409512 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00409008 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00165800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-01-18 08:46 - 2015-10-14 12:31 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2016-01-18 08:46 - 2015-10-14 12:28 - 04378024 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2016-01-18 08:46 - 2015-10-14 09:34 - 00191028 __RSH C:\WINDOWS\system32\resTHA.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00183668 __RSH C:\WINDOWS\system32\resELL.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00179444 __RSH C:\WINDOWS\system32\resRUS.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00165188 __RSH C:\WINDOWS\system32\resARA.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00164660 __RSH C:\WINDOWS\system32\resHEB.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00164644 __RSH C:\WINDOWS\system32\resJPN.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00160020 __RSH C:\WINDOWS\system32\resHUN.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00160004 __RSH C:\WINDOWS\system32\resFRA.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00158260 __RSH C:\WINDOWS\system32\resKOR.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00158180 __RSH C:\WINDOWS\system32\resDEU.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00158164 __RSH C:\WINDOWS\system32\resITA.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00157988 __RSH C:\WINDOWS\system32\resROM.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00157876 __RSH C:\WINDOWS\system32\resESN.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00157428 __RSH C:\WINDOWS\system32\resPLK.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00157332 __RSH C:\WINDOWS\system32\resSKY.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00157140 __RSH C:\WINDOWS\system32\resNLD.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00156532 __RSH C:\WINDOWS\system32\resPTB.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00156436 __RSH C:\WINDOWS\system32\resTRK.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00156372 __RSH C:\WINDOWS\system32\resCSY.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00156244 __RSH C:\WINDOWS\system32\resPTG.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00155796 __RSH C:\WINDOWS\system32\resFIN.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00155396 __RSH C:\WINDOWS\system32\resHRV.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00154932 __RSH C:\WINDOWS\system32\resSVE.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00154820 __RSH C:\WINDOWS\system32\resSLV.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00153828 __RSH C:\WINDOWS\system32\resNOR.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00153332 __RSH C:\WINDOWS\system32\resDAN.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00151988 __RSH C:\WINDOWS\system32\resENU.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00150228 __RSH C:\WINDOWS\system32\resCHT.cui
2016-01-18 08:46 - 2015-10-14 09:34 - 00149364 __RSH C:\WINDOWS\system32\resCHS.cui
2016-01-18 08:46 - 2015-10-14 09:33 - 00002582 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-01-18 08:28 - 2015-10-08 09:16 - 00185600 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2016-01-18 08:27 - 2015-11-19 00:16 - 00935168 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2016-01-18 08:27 - 2015-11-19 00:16 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-01-18 08:25 - 2015-07-10 10:46 - 00053024 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcmsmbsp.sys
2016-01-18 08:24 - 2015-11-18 11:11 - 00245432 _____ (Qualcomm®Atheros®) C:\WINDOWS\system32\BtContextMenu.dll
2016-01-18 08:24 - 2015-11-18 11:11 - 00072392 _____ (Qualcomm®Atheros®) C:\WINDOWS\system32\BtContextMenu.dll.muien-US
2016-01-18 08:24 - 2015-11-18 11:11 - 00046908 _____ C:\WINDOWS\system32\Drivers\AthrBT_0x31010000.dfu
2016-01-18 08:24 - 2015-11-18 11:11 - 00041996 _____ C:\WINDOWS\system32\Drivers\AthrBT_0x31010100.dfu
2016-01-18 08:24 - 2015-09-24 13:08 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-01-18 08:24 - 2009-09-08 23:23 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\flashud.sys
2016-01-18 08:23 - 2016-01-18 10:27 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\DRPSu
2016-01-17 21:44 - 2016-01-17 21:44 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-13 01:28 - 2016-01-18 12:43 - 00000000 ____D C:\SUPERDelete
2016-01-13 01:17 - 2016-01-13 01:17 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\SUPERAntiSpyware.com
2016-01-13 01:16 - 2016-01-23 00:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-13 01:16 - 2016-01-13 01:16 - 00001859 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-13 01:16 - 2016-01-13 01:16 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-13 01:16 - 2016-01-13 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-12 17:09 - 2016-01-04 22:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 17:09 - 2016-01-04 22:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 17:09 - 2016-01-04 22:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 17:09 - 2016-01-04 22:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 17:09 - 2016-01-04 22:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 17:09 - 2016-01-04 22:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 17:09 - 2016-01-04 22:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 17:09 - 2016-01-04 22:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 17:09 - 2016-01-04 22:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 17:09 - 2016-01-04 22:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 17:09 - 2016-01-04 22:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 17:09 - 2016-01-04 21:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 17:09 - 2016-01-04 21:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 17:09 - 2016-01-04 21:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-12 17:09 - 2016-01-04 21:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-12 17:09 - 2016-01-04 21:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 17:09 - 2016-01-04 21:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-12 17:09 - 2016-01-04 21:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-12 17:09 - 2016-01-04 21:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 17:09 - 2016-01-04 21:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-12 17:09 - 2016-01-04 21:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 17:09 - 2016-01-04 21:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-12 17:09 - 2016-01-04 21:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-12 17:09 - 2016-01-04 21:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 17:09 - 2016-01-04 21:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-12 17:09 - 2016-01-04 21:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-12 17:09 - 2016-01-04 21:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-12 17:09 - 2016-01-04 21:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 17:09 - 2016-01-04 21:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 17:09 - 2016-01-04 20:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 17:09 - 2016-01-04 20:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 17:09 - 2016-01-04 20:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 17:09 - 2016-01-04 20:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 17:09 - 2016-01-04 20:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 17:09 - 2016-01-04 20:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-12 17:09 - 2016-01-04 20:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 17:09 - 2016-01-04 20:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 17:09 - 2016-01-04 20:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 17:09 - 2016-01-04 20:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 17:09 - 2016-01-04 20:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 17:09 - 2016-01-04 20:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 17:09 - 2016-01-04 20:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-12 17:09 - 2016-01-04 20:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-12 17:08 - 2016-01-04 22:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 17:08 - 2016-01-04 22:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 17:08 - 2016-01-04 22:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 17:08 - 2016-01-04 22:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 17:08 - 2016-01-04 22:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 17:08 - 2016-01-04 22:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 17:08 - 2016-01-04 22:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 17:08 - 2016-01-04 21:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-12 17:08 - 2016-01-04 21:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 17:08 - 2016-01-04 21:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 17:08 - 2016-01-04 21:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 17:08 - 2016-01-04 21:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 17:08 - 2016-01-04 21:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 17:08 - 2016-01-04 21:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 17:08 - 2016-01-04 21:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 17:08 - 2016-01-04 21:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 17:08 - 2016-01-04 21:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 17:08 - 2016-01-04 21:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-12 17:08 - 2016-01-04 21:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 17:08 - 2016-01-04 21:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-12 17:08 - 2016-01-04 21:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-12 17:08 - 2016-01-04 21:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-12 17:08 - 2016-01-04 21:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 17:08 - 2016-01-04 21:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 17:08 - 2016-01-04 21:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-12 17:08 - 2016-01-04 21:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-12 17:08 - 2016-01-04 21:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 17:08 - 2016-01-04 21:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 17:08 - 2016-01-04 21:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 17:08 - 2016-01-04 21:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 17:08 - 2016-01-04 21:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 17:08 - 2016-01-04 21:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 17:08 - 2016-01-04 20:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 17:08 - 2016-01-04 20:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 17:08 - 2016-01-04 20:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 17:08 - 2016-01-04 20:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 17:08 - 2016-01-04 20:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-12 17:08 - 2016-01-04 20:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 17:08 - 2016-01-04 20:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 17:08 - 2016-01-04 20:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 17:08 - 2016-01-04 20:38 - 00556032 _____ (Microsoft
Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll 2016-01-12 17:08 - 2016-01-04 20:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2016-01-12 17:08 - 2016-01-04 20:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2016-01-12 17:08 - 2016-01-04 20:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-01-12 17:08 - 2016-01-04 20:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-01-12 17:08 - 2016-01-04 20:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-01-12 17:08 - 2016-01-04 20:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL 2016-01-10 05:09 - 2016-01-10 05:09 - 00000000 ___HD C:\WINDOWS\AxInstSV 2016-01-10 03:57 - 2016-01-10 03:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo 2016-01-10 03:57 - 2016-01-10 03:57 - 00000000 ____D C:\WINDOWS\Downloaded Installations 2016-01-10 03:56 - 2016-01-10 03:56 - 00001287 _____ C:\Users\Public\Desktop\SHAREit.lnk 2016-01-10 03:56 - 2016-01-10 03:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2016-01-08 05:46 - 2016-01-08 05:46 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk 2016-01-08 05:37 - 2016-01-08 05:37 - 00000000 ____D C:\ProgramData\IntelDLM 2016-01-07 15:18 - 2016-01-07 15:18 - 00004540 _____ C:\Users\JacJefferson\Desktop\NVIDIA System Information 01-08-2016 04-18-07.txt 2016-01-07 15:05 - 2016-01-07 15:05 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\CyberLink 2016-01-07 15:05 - 2016-01-07 15:05 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Power2Go 2016-01-07 15:00 - 2016-01-07 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite 2016-01-07 14:57 - 2016-01-08 08:23 - 00000000 ____D C:\ProgramData\CyberLink 2016-01-07 14:44 - 2016-01-07 14:44 - 00000000 ____D 
C:\Users\JacJefferson\AppData\Roaming\ASUS 2016-01-07 14:41 - 2016-01-08 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asus Drivers Download Utility 2016-01-07 14:41 - 2016-01-08 08:23 - 00000000 ____D C:\Program Files\Asus Drivers Download Utility 2016-01-05 00:15 - 2016-01-05 00:15 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Lenovo 2016-01-05 00:14 - 2016-01-05 00:14 - 00000000 ____D C:\Program Files (x86)\Lenovo 2016-01-04 03:04 - 2016-01-04 05:27 - 00000000 ____D C:\Users\JacJefferson\Desktop\tropicana 2015-12-29 01:37 - 2015-12-29 01:37 - 00000000 _____ C:\Users\JacJefferson\systeminfo ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-28 01:01 - 2015-05-14 07:48 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Skype 2016-01-28 00:56 - 2015-06-10 03:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-28 00:52 - 2015-08-25 15:17 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5A4667B-6E95-4A17-95C1-799C060D9CCE} 2016-01-28 00:50 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-01-28 00:45 - 2015-09-21 06:38 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-01-28 00:35 - 2015-05-13 09:03 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-28 00:34 - 2015-06-05 23:57 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\CrashDumps 2016-01-28 00:25 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-01-28 00:24 - 2015-08-09 23:57 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture 2016-01-27 23:32 - 2015-05-13 09:03 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-27 23:22 - 2015-09-21 06:38 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-01-27 23:22 - 2015-08-10 00:00 - 00000000 __SHD C:\Users\JacJefferson\IntelGraphicsProfiles 2016-01-27 23:22 - 2015-05-13 00:52 
- 00217328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-01-27 23:19 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-27 08:03 - 2015-07-10 04:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-01-27 06:04 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-27 05:48 - 2015-05-13 07:03 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-01-27 05:43 - 2015-08-09 19:50 - 00000000 ____D C:\Users\JacJefferson 2016-01-27 05:02 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF 2016-01-27 03:43 - 2015-12-04 10:33 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-01-27 03:43 - 2015-06-21 16:53 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Samsung 2016-01-27 03:43 - 2012-10-23 09:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-01-27 03:30 - 2015-06-09 19:39 - 00000000 _____ C:\Recovery.txt 2016-01-27 03:27 - 2015-08-09 19:50 - 00000000 ____D C:\Users\UpdatusUser 2016-01-27 03:09 - 2015-05-13 00:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-27 03:05 - 2015-05-13 09:36 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\Spotify 2016-01-27 03:00 - 2015-05-13 09:40 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Spotify 2016-01-27 01:16 - 2015-05-13 00:46 - 00000000 ____D C:\ProgramData\Package Cache 2016-01-26 09:18 - 2015-05-15 18:32 - 00000000 ___RD C:\Users\JacJefferson\Google Drive 2016-01-26 05:37 - 2015-12-22 13:51 - 00000000 ____D C:\Users\JacJefferson\AppData\Roaming\.purple 2016-01-26 04:36 - 2015-07-14 01:20 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\gtk-2.0 2016-01-24 13:50 - 2015-06-10 02:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-01-24 13:45 - 2015-05-13 00:13 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Packages 2016-01-24 07:50 - 2015-06-13 08:34 - 00000000 ____D C:\KMPlayer 2016-01-23 03:00 - 2015-09-27 18:19 - 00000000 ___RD C:\Users\JacJefferson\Dropbox 2016-01-23 
03:00 - 2015-09-21 06:38 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\Dropbox 2016-01-23 00:41 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-22 22:02 - 2015-05-13 00:52 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-01-21 15:08 - 2015-05-14 07:47 - 00000000 ____D C:\ProgramData\Skype 2016-01-20 06:06 - 2015-08-09 20:06 - 00774730 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-20 02:48 - 2015-05-13 22:37 - 00000000 ____D C:\Users\JacJefferson\AppData\Local\ElevatedDiagnostics 2016-01-20 00:16 - 2015-05-13 09:54 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-01-20 00:10 - 2015-05-13 09:54 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-01-19 23:56 - 2015-06-10 03:52 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-01-19 22:20 - 2015-07-10 07:20 - 00351360 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-01-19 22:16 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-01-19 08:31 - 2015-09-05 16:29 - 00003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-01-19 08:21 - 2015-05-18 00:44 - 00774730 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-01-19 08:06 - 2015-05-14 03:49 - 00007614 _____ C:\Users\JacJefferson\AppData\Local\Resmon.ResmonCfg 2016-01-19 04:45 - 2015-08-10 03:40 - 00000000 ___DC C:\WINDOWS\Panther 2016-01-19 04:45 - 2015-06-08 02:09 - 00000000 ____D C:\Users\JacJefferson\Desktop\Tweaking Utils 2016-01-19 04:45 - 2015-06-03 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider 2016-01-19 03:56 - 2015-06-25 09:42 - 00000873 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-01-19 03:55 - 2015-05-13 09:03 - 00000000 ____D C:\Program Files (x86)\Google 2016-01-18 23:02 - 2015-05-18 00:38 - 00000463 _____ C:\DelFix.txt 2016-01-18 11:05 - 2015-11-03 04:22 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-01-18 09:55 - 2015-07-10 06:04 - 00000000 ____D 
C:\WINDOWS\System 2016-01-18 09:35 - 2015-08-09 19:47 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-18 09:32 - 2015-08-09 19:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-01-18 09:25 - 2015-08-09 19:47 - 00000000 ____D C:\WINDOWS\system32\DAX2 2016-01-18 09:25 - 2015-06-07 22:07 - 00003194 _____ C:\WINDOWS\System32\Tasks\RTKCPL 2016-01-18 09:24 - 2015-08-09 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-01-18 08:58 - 2015-08-09 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-01-17 21:44 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-17 21:44 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-01-17 21:42 - 2015-12-07 05:51 - 00000000 ____D C:\Program Files\Microsoft Office 2016-01-14 09:00 - 2015-11-18 02:46 - 00001217 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-01-14 08:59 - 2015-11-18 02:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-01-12 23:28 - 2015-10-25 07:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-12 23:28 - 2015-10-25 07:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-12 21:39 - 2015-10-25 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-10 03:30 - 2015-09-30 11:52 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher 2016-01-08 08:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2016-01-08 08:27 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-01-08 08:27 - 2012-10-23 09:28 - 00000000 ____D C:\ProgramData\P4G 2016-01-08 08:25 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-01-08 08:25 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\servicing 2016-01-08 08:24 - 2015-12-28 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-01-08 08:24 - 2012-08-04 12:37 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2016-01-08 08:03 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration 2016-01-08 07:58 - 2015-08-09 19:46 - 00000000 ____D C:\Program Files (x86)\ASUS 2016-01-08 07:39 - 2015-08-09 23:58 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2016-01-08 05:46 - 2015-05-29 19:32 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk 2016-01-08 05:46 - 2015-05-14 10:31 - 00000000 ____D C:\Program Files (x86)\Intel 2016-01-08 05:46 - 2012-10-23 09:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-01-02 20:40 - 2015-07-10 06:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-01-02 20:40 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-09-14 01:06 - 2015-09-14 01:06 - 0209702 _____ () C:\Users\JacJefferson\AppData\Local\ars.cache 2015-09-14 01:06 - 2015-09-14 01:06 - 0549069 _____ () C:\Users\JacJefferson\AppData\Local\census.cache 2015-09-14 00:33 - 2015-09-14 00:33 - 0000036 _____ () C:\Users\JacJefferson\AppData\Local\housecall.guid.cache 2015-08-31 07:44 - 2015-08-31 07:44 - 0000743 _____ () C:\Users\JacJefferson\AppData\Local\recently-used.xbel 2015-05-14 03:49 - 2016-01-19 08:06 - 0007614 _____ () C:\Users\JacJefferson\AppData\Local\Resmon.ResmonCfg 2015-09-14 00:47 - 2015-09-14 00:47 - 0000010 _____ () C:\Users\JacJefferson\AppData\Local\sponge.last.runtime.cache 2015-08-09 19:47 - 2015-08-09 19:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2012-08-04 12:37 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2012-08-04 12:37 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2016-01-07 14:58 - 2016-01-07 15:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2016-01-07 14:58 - 2016-01-07 
14:58 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\JacJefferson\AppData\Local\Temp\avgnt.exe C:\Users\JacJefferson\AppData\Local\Temp\sfamcc00001.dll C:\Users\JacJefferson\AppData\Local\Temp\sfareca00001.dll C:\Users\JacJefferson\AppData\Local\Temp\sfextra.dll C:\Users\JacJefferson\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-21 16:00 ==================== End of FRST.txt ============================
  17. So I just installed the application and the system is smooth and low on resources (in a good way), like always, normally. So, like MBAM and MBAE's excellent compatibility with Anti-Virus software, MBAR is also safe to run alongside other stuff. Currently I am running MBAR along with the following, simultaneously:
      • Zemana Anti-Keylogger
      • Windows Defender in Windows 10
      • MBAM
      • MBAE
      What configuration do you have, and did you encounter any issues?
  18. Hello. The other day I got a random popup as I was chilling on my PC and it said that I had to restart my PC because some MBAR modules were corrupted/missing. I didn't give it much attention, so I restarted my PC. And boom. It enters recovery mode and cannot boot in normal OR safe mode anymore... I checked the logs from the recovery mode and it said that mbamswissarmy.sys is missing. Why do you guys install such files in Windows directories, and also, why the hell cannot my PC start? I mean, my Windows installation is on C: and the problem appeared on the D: drive... (it's a partition though, maybe that's the answer, lol). Anyway, can you guys provide a solid solution to this? I cannot afford to lose the data on my PC.
  19. MBAR crashes while scanning the Registry and Directory data. I can't complete the scan. Anyone know how to fix this?
  20. After installing MBAR 1.07.0.1009 and executing the application, I am able to update the definitions successfully to today's date, and then when I start a full scan (all objects selected) it says Initializing and then blue screens my system (Windows 7 64-bit SP1 - Lenovo T430s). Never had this issue with any previous versions of MBAR. Any ideas what changed between 1008 and 1009 that is causing this issue?
  21. I just did a clean install of Windows 7. I then installed Malwarebytes Anti-Malware and Anti-Rootkit. The Malwarebytes Anti-Malware opens perfectly fine. It updates and scans well. The Anti-Rootkit is causing me problems, however. It doesn't open at all. I tried opening it as administrator, but all it does is show a loading icon, then a few seconds later it freezes my whole computer. I can't Ctrl+Alt+Delete or move my mouse at all. Everything is just frozen. Malwarebytes Anti-Malware didn't detect any issues either.
  22. I wanted to get a second opinion from you guys on some results from the Malwarebytes Anti-Rootkit scanner we have used on several Windows machines on our network. We noticed some issues with odd behavior on our network, and got them cleaned up, we believe, for the most part with MSE and Malwarebytes Malware Scanner (not MBAR). To be extra thorough, we decided to scan some of the Windows servers with the MWB Anti-Rootkit scanner for extra assurance. We found a handful of computers with positive results from MBAR. All of the results came up with "Unknown.rootkit.Driver" across a variety of files in C:\windows\system32\drivers, which MBAR reported as "Forged File". However, we took the files and uploaded them to virustotal.com, which is run by Kaspersky, which checks the hashes of the files against known good files. All of the positive results we got were for Windows 2003 Servers; no other servers appear to be yielding results from MBAR. My questions are these:
      - How does MBAR classify files as a "forged file"?
      - Are there ways these files can be coming up as good on virustotal.com but still be infected with rootkits?
      - Does anyone here with the know-how still believe these infections are legit?
      The MBAR results for one of these servers are below:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012
OS version: 5.2.3790 Windows Server 2003 Service Pack 2 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_13
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 2142724096, free: 1236303872
Downloaded database version: v2013.11.22.09
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------ 11/22/2013 09:46:17 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys volsnap.sys PartMgr.sys xevtchn.sys \WINDOWS\system32\DRIVERS\XENUTIL.SYS xenvif.sys atapi.sys perc2.sys \WINDOWS\system32\drivers\SCSIPORT.SYS xenvbd.sys scsifilt.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys MpFilter.sys Dfs.sys KSecDD.sys Ntfs.sys NDIS.sys xennet.sys r1vssfltr.sys r1fltr.sys Mup.sys crcdisk.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\cirrus.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\watchdog.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\xeniface.sys \SystemRoot\System32\Drivers\NDProxy.SYS 
\SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_xenvbd.sys \SystemRoot\System32\Drivers\dump_XENUTIL.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\TDTCP.SYS \SystemRoot\System32\Drivers\RDPWD.SYS \SystemRoot\System32\RDPDD.dll \SystemRoot\System32\cirrus.dll \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! 
<<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff89ffd9a8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\ Lower Device Object: 0xffffffff89f09030 Lower Device Driver Name: \Driver\xenvbd\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89f0ab80, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff89ffd9a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89faccf8, DeviceName: Unknown, DriverName: \Driver\scsifilt\ DevicePointer: 0xffffffff89f09030, DeviceName: \Device\Scsi\xenvbd1Port2Path0Target0Lun0\, DriverName: \Driver\xenvbd\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... 
<<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 512, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "C:\WINDOWS\system32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\srv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\storport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1) File C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [Forged file] Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 
1) Infected: C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys --> [unknown.Rootkit.Driver] Read File: File "C:\WINDOWS\system32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\termdd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\uliagpkx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fastfat.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\SYSTEM32\drivers\fips.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\flpydisk.sys" is compressed (flags = 1) Read File: File 
Driver scan terminated, results discarded.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6FEB239E
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 64197
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 64260 Numsec = 20563200
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 20627460 Numsec = 266084595
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 214758850560 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-419430880-419450880)...
Done!
Read File: File "C:\WINDOWS\system32\config\AppEvent.Evt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\SecEvent.Evt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\SysEvent.Evt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\******\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\WindowsUpdate.log" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\******\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished

Thanks,
Security_Concerned
  23. Every time I try to run Malwarebytes Anti-Rootkit (mbar.exe), my computer instantly crashes and displays the infamous blue screen of death. It says something about mbam and chameleon, but I don't quite recall and, at this point, I'm tired of intentionally crashing my computer whilst troubleshooting. It might be important to note that running MBAR in Safe Mode does not result in a crash. Does anybody know the solution?
  24. I run Malwarebytes as a routine check-up on a regular basis on my XP computer, and this time it popped up a malware file called adware.domianIQ, which it killed off. So I ran Spybot S&D to confirm nothing else was missed, and it popped up a directory folder under my application data called "conduit", which it said was related to the win32.downloader.gen malware. It did not actually find that malware file, and the folder was deleted. (The folder appeared to have been created around 2010.) I decided to run Malwarebytes Anti-Rootkit as well to double-check everything was OK; I've used it before, and even though it still says it's a beta version, it's never caused me any problems. The report from that program came up clean, but I began reading other posts here and at other forums and decided to use the program RogueKiller as a way to double-check the rootkit situation, as I have seen that having more than one program for each aspect of cleaning is often better than one. The RogueKiller program found some questionable things and corrected what it could. It removed all the local 127.0.0.1 website redirects which one of my security programs placed in my hosts file at some time to block access to all those sites, and I think this could have been left alone. Nothing else terribly serious, like an actual rootkit file. But what really concerns me is all the unknown SSDT hooks it found, which I thought it would correct, but it just removed the ones that referred to mbamchameleon after I hit the "delete" button. I only know a little bit about rootkits, and I was told that they use these types of hooks to bury themselves into the Windows kernel, and this many unknown hooks really looks suspicious to me.

Several other hooks were listed as related to Symantec (which must be Norton Internet Security finding a way to protect itself), and under the category "legit" it labeled these hooks as "true", so the only ones it prints in these reports are the hooks it labeled as "false" under their "legit" heading:

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x80635F32 -> HOOKED (Unknown @ 0x8A78B3A0)
[Address] SSDT[13] : NtAlertThread @ 0x80581F8C -> HOOKED (Unknown @ 0x8A7A3AC8)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x8056FBB6 -> HOOKED (Unknown @ 0x8A785008)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A975C -> HOOKED (Unknown @ 0x8A7AC080)
[Address] SSDT[31] : NtConnectPort @ 0x80591DCA -> HOOKED (Unknown @ 0x8AA5BB28)
[Address] SSDT[43] : NtCreateMutant @ 0x8057D470 -> HOOKED (Unknown @ 0x8A05D680)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805A86E8 -> HOOKED (Unknown @ 0x8A7CB060)
[Address] SSDT[53] : NtCreateThread @ 0x805840DD -> HOOKED (Unknown @ 0x8A66F528)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80660711 -> HOOKED (Unknown @ 0x8A7AC160)
[Address] SSDT[68] : NtDuplicateObject @ 0x8057E299 -> HOOKED (Unknown @ 0x8A0FE3F0)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805700B0 -> HOOKED (Unknown @ 0x8A7C5148)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x80599621 -> HOOKED (Unknown @ 0x8A05D770)
[Address] SSDT[91] : NtImpersonateThread @ 0x80586AD6 -> HOOKED (Unknown @ 0x8A78B2C0)
[Address] SSDT[97] : NtLoadDriver @ 0x805B9849 -> HOOKED (Unknown @ 0x8A820228)
[Address] SSDT[108] : unknown @ 0x8057C120 -> HOOKED (Unknown @ 0x8A7C5068)
[Address] SSDT[114] : NtOpenEvent @ 0x8058F5DD -> HOOKED (Unknown @ 0x8A77D1A0)
[Address] SSDT[122] : NtOpenProcess @ 0x8057964C -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0xB3F08C4C)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805774B2 -> HOOKED (Unknown @ 0x8A75F138)
[Address] SSDT[125] : NtOpenSection @ 0x8057CF33 -> HOOKED (Unknown @ 0x8A7D81A0)
[Address] SSDT[128] : NtOpenThread @ 0x805B13C6 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0xB3F08D3C)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x80583D91 -> HOOKED (Unknown @ 0x8A7CB150)
[Address] SSDT[206] : NtResumeThread @ 0x80584754 -> HOOKED (Unknown @ 0x8A7A3BA8)
[Address] SSDT[213] : NtSetContextThread @ 0x806340DB -> HOOKED (Unknown @ 0x8A7D1110)
[Address] SSDT[228] : NtSetInformationProcess @ 0x80573B37 -> HOOKED (Unknown @ 0x8A7D1008)
[Address] SSDT[240] : NtSetSystemInformation @ 0x805E5EDD -> HOOKED (Unknown @ 0x8A7D8078)
[Address] SSDT[253] : NtSuspendProcess @ 0x80635E77 -> HOOKED (Unknown @ 0x8A77D0E0)
[Address] SSDT[254] : NtSuspendThread @ 0x80635D93 -> HOOKED (Unknown @ 0x8A77F0F0)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058C3F5 -> HOOKED (Unknown @ 0x8A7D6050)
[Address] SSDT[258] : unknown @ 0x805815E5 -> HOOKED (Unknown @ 0x8A77F008)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057BCA8 -> HOOKED (Unknown @ 0x8A7DE138)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805869E5 -> HOOKED (Unknown @ 0x8A785098)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8AB9A158)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A7F3E50)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A7F3F00)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A75CB70)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8AB94518)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A79D530)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8ABFF900)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A01C220)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AC0A098)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89FCC6C8)

After the delete button, I see hooks to the mbamchameleon have been removed, but not all these others:

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x80635F32 -> HOOKED (Unknown @ 0x8A859118)
[Address] SSDT[13] : NtAlertThread @ 0x80581F8C -> HOOKED (Unknown @ 0x8A859008)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x8056FBB6 -> HOOKED (Unknown @ 0x8A7D4150)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805A975C -> HOOKED (Unknown @ 0x8A89E0F8)
[Address] SSDT[31] : NtConnectPort @ 0x80591DCA -> HOOKED (Unknown @ 0x8AA39548)
[Address] SSDT[43] : NtCreateMutant @ 0x8057D470 -> HOOKED (Unknown @ 0x8A839090)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805A86E8 -> HOOKED (Unknown @ 0x8A8510E8)
[Address] SSDT[53] : NtCreateThread @ 0x805840DD -> HOOKED (Unknown @ 0x8A7D6A00)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80660711 -> HOOKED (Unknown @ 0x8A844050)
[Address] SSDT[68] : NtDuplicateObject @ 0x8057E299 -> HOOKED (Unknown @ 0x8A7F5108)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805700B0 -> HOOKED (Unknown @ 0x8A850108)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x80599621 -> HOOKED (Unknown @ 0x8A839160)
[Address] SSDT[91] : NtImpersonateThread @ 0x80586AD6 -> HOOKED (Unknown @ 0x8A859058)
[Address] SSDT[97] : NtLoadDriver @ 0x805B9849 -> HOOKED (Unknown @ 0x8AA39510)
[Address] SSDT[108] : unknown @ 0x8057C120 -> HOOKED (Unknown @ 0x8A875008)
[Address] SSDT[114] : NtOpenEvent @ 0x8058F5DD -> HOOKED (Unknown @ 0x8A839058)
[Address] SSDT[122] : NtOpenProcess @ 0x8057964C -> HOOKED (Unknown @ 0x8A7F92C0)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805774B2 -> HOOKED (Unknown @ 0x8A7F7198)
[Address] SSDT[125] : NtOpenSection @ 0x8057CF33 -> HOOKED (Unknown @ 0x8A881058)
[Address] SSDT[128] : NtOpenThread @ 0x805B13C6 -> HOOKED (Unknown @ 0x8A7F5008)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x80583D91 -> HOOKED (Unknown @ 0x8A851008)
[Address] SSDT[206] : NtResumeThread @ 0x80584754 -> HOOKED (Unknown @ 0x8A8430E0)
[Address] SSDT[213] : NtSetContextThread @ 0x806340DB -> HOOKED (Unknown @ 0x8A880160)
[Address] SSDT[228] : NtSetInformationProcess @ 0x80573B37 -> HOOKED (Unknown @ 0x8A875080)
[Address] SSDT[240] : NtSetSystemInformation @ 0x805E5EDD -> HOOKED (Unknown @ 0x8A8440D0)
[Address] SSDT[253] : NtSuspendProcess @ 0x80635E77 -> HOOKED (Unknown @ 0x8A8810D8)
[Address] SSDT[254] : NtSuspendThread @ 0x80635D93 -> HOOKED (Unknown @ 0x8A8431A0)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058C3F5 -> HOOKED (Unknown @ 0x8A7F3320)
[Address] SSDT[258] : unknown @ 0x805815E5 -> HOOKED (Unknown @ 0x8A8800A0)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x8057BCA8 -> HOOKED (Unknown @ 0x8A6EF198)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805869E5 -> HOOKED (Unknown @ 0x8A850008)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A84AF00)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A03F0E0)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A057438)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A16D4D8)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A0574F8)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A057C88)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A057A60)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A057970)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A822758)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A09A830)

The MBR for my drive is intact and OK according to RogueKiller. I ran TDSSKiller next to see what that brought up, and all it showed were 9 questionable unsigned files; I quarantined 7 of them before I delete them, as I'd like to research them a bit further. (The default option available was just "skip", not "cure", as I've been told comes up when a dangerous rootkit file is found.)
01:17:09.0328 0904 Scan finished 01:17:09.0328 0904 ============================================================ 01:17:09.0437 0896 Detected object count: 9 01:17:09.0437 0896 Actual detected object count: 9 01:20:50.0390 0896 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 01:20:50.0390 0896 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:20:50.0468 0896 C:\WINDOWS\system32\drivers\aslm75.sys - copied to quarantine 01:20:50.0468 0896 aslm75 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0562 0896 C:\WINDOWS\system32\HPZinw12.dll - copied to quarantine 01:20:50.0562 0896 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0625 0896 C:\WINDOWS\system32\HPZipm12.dll - copied to quarantine 01:20:50.0625 0896 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0703 0896 C:\WINDOWS\system32\Drivers\PxHelp20.sys - copied to quarantine 01:20:50.0703 0896 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0750 0896 C:\WINDOWS\system32\Drivers\Scutum50.sys - copied to quarantine 01:20:50.0750 0896 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0828 0896 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS - copied to quarantine 01:20:50.0828 0896 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 01:20:50.0828 0896 yukonx86 ( UnsignedFile.Multi.Generic ) - skipped by user 01:20:50.0828 0896 yukonx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:20:50.0875 0896 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 01:20:50.0875 0896 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine 01:20:50.0890 0896 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine 01:20:50.0890 0896 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine 01:20:50.0890 0896 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine 
01:20:50.0937 0896 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine 01:20:50.0937 0896 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine The two I left alone were an Adobe License manager file for Adobe software I purchased and a yukon86 file for the old yukon marvel ethernet card I still use. But when I quarantined these 7 files, my Norton Internet Security popped up and suddenly said something related to the TDSS file system was malware, it flagged a file called tsk.0004.dta as something it calls ws.malware.2. Looking at Symantec site, it describes this as a common threat signature which is dangerous, but does not say exactly what it is or was. It's been tagged because of their "heuristic function" which thinks it looks like other knoww malware I guess. It was removed from my computer. So at this point I'm wondering if I'm OK or not. I still run XP and the computer has been working fine, I have not noticed any pop up windows or misdirects on web pages, and if I never ran the RogueKiller program, I may have never even been concerned as the 2 other anti-rootkit removal programs did their thing and did not report finding any serious files that needed curing. I'd appreciate any feedback from this forum, I know there are other programs out there that are supposed to identify the hooks and even give me a way to delete them, but I'm not sure where to turn or what software would be best to use. If these hooks are somehow legit, I'd really like to confirm that too. Thanks.
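A small parser for the RogueKiller hook listing format quoted in the post, with the same before/after comparison the poster did by eye. This is an added example, not RogueKiller's code or anything from the post; the sample lines are copied from the two listings above, and the "reattributed" category (a slot whose reported owner changed, e.g. from a named driver to Unknown) is a classification chosen here, not something RogueKiller itself reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
# One RogueKiller hook entry in the form printed in the post above.  The "@ 0x..."
# original address is present for SSDT entries and absent for Shadow SSDT entries.
HOOK_RE = re.compile(
    r"\[Address\]\s+(?P<table>Shadow SSDT|SSDT)\[(?P<index>\d+)\]\s*:\s*(?P<func>\S+)"
    r"(?:\s+@\s+0x[0-9A-Fa-f]+)?\s*->\s*HOOKED\s*"
    r"\((?P<owner>.+?)\s+@\s+(?P<target>0x[0-9A-Fa-f]+)\)"
)

@dataclass(frozen=True)
class Hook:
    table: str
    index: int
    func: str
    owner: str   # module RogueKiller attributed the hook to, or "Unknown"
    target: str  # address the service-table slot now points at

def parse_hooks(report: str) -> Dict[Tuple[str, int], Hook]:
    """Extract every HOOKED entry, keyed by (table, index) so two scans line up."""
    hooks: Dict[Tuple[str, int], Hook] = {}
    for m in HOOK_RE.finditer(report):
        h = Hook(m["table"], int(m["index"]), m["func"], m["owner"], m["target"])
        hooks[(h.table, h.index)] = h
    return hooks

def diff_reports(before: str, after: str) -> Dict[str, List[str]]:
    """Classify hooks across two scans.  Only owners are compared: in the post the
    target addresses moved between scans even for slots that stayed hooked."""
    b, a = parse_hooks(before), parse_hooks(after)
    return {
        "removed": sorted(b[k].func for k in b.keys() - a.keys()),
        # a slot whose owner changed (e.g. named driver -> Unknown) deserves a closer look
        "reattributed": sorted(a[k].func for k in a.keys() & b.keys() if a[k].owner != b[k].owner),
        "still_unknown": sorted(h.func for h in a.values() if h.owner == "Unknown"),
    }

# Constructed sample: four entries copied from the before/after listings in the post.
BEFORE = r"""[Address] SSDT[12] : NtAlertResumeThread @ 0x80635F32 -> HOOKED (Unknown @ 0x8A78B3A0)
[Address] SSDT[122] : NtOpenProcess @ 0x8057964C -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0xB3F08C4C)
[Address] SSDT[128] : NtOpenThread @ 0x805B13C6 -> HOOKED (C:\WINDOWS\SYSTEM32\DRIVERS\mbamchameleon.sys @ 0xB3F08D3C)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A7F3E50)"""
AFTER = r"""[Address] SSDT[12] : NtAlertResumeThread @ 0x80635F32 -> HOOKED (Unknown @ 0x8A859118)
[Address] SSDT[122] : NtOpenProcess @ 0x8057964C -> HOOKED (Unknown @ 0x8A7F92C0)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A03F0E0)"""
if __name__ == "__main__":
    for kind, funcs in diff_reports(BEFORE, AFTER).items():
        print(f"{kind:14s} {', '.join(funcs) or '-'}")
```

The regex does not depend on line breaks, so it also works on a listing that has been run together onto one line the way the forum flattened it.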
  25. Hello, How do you plan to let people beta testing MBAR know when you update the program? I believe the program will let you know when newer definitions are available, but what about updates to the program itself? Thanks much!