Cameron Posted February 26, 2017 ID:1104449 Share Posted February 26, 2017 I have been having trouble with backdoors for the last year now and I have tried alot of programs for fixing it. I need some help with removing it. I have already reset my computer factory mode 6 times now in the last 6 months and its been bothering me to figure out how to get rid of it, I need to figure out what is causing it to come back on each save. If anybody can give me suggestions or advice on this it would be greatly appreciated it seems every time you try to remove them or get to the original folder its empty and it replaces itself if its removed. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 26, 2017 Root Admin ID:1104469 Share Posted February 26, 2017 Hello @Cameron and Let me get some logs please so that we can see what's going on. Please read the following and post back the 3 requested logs as an attachment. Diagnostic Logs Thanks Link to post Share on other sites More sharing options...
Cameron Posted March 5, 2017 Author ID:1106586 Share Posted March 5, 2017 I wasnt able to use malware bytes because it has disabled it I tried to run malwarebytes and it wouldn't open at all. I used adwcleaner and it didnt seem to pick it up # AdwCleaner v6.044 - Logfile created 05/03/2017 at 18:00:57 # Updated on 28/02/2017 by Malwarebytes # Database : 2017-03-02.1 [Server] # Operating System : Windows 8.1 (X64) # Username : john - CAMERON # Running from : C:\Users\john\Desktop\adwcleaner_6.044.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** Folder Found: C:\ProgramData\0796b087-ac46-4625-9dce-49f51dc0dbbc Folder Found: C:\ProgramData\909a80eb-79d9-4231-9d06-8484d62860cf ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. ***** [ Registry ] ***** Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.solvusoft.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.solvusoft.com ***** [ Web browsers ] ***** No malicious Firefox based browser items found. No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [1432 Bytes] - [05/03/2017 18:00:57] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1505 Bytes] ########## Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 6, 2017 Root Admin ID:1106610 Share Posted March 6, 2017 I need the requested FRST logs please. Thank you Link to post Share on other sites More sharing options...
Cameron Posted March 6, 2017 Author ID:1106763 Share Posted March 6, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017 Ran by john (administrator) on CAMERON (06-03-2017 18:36:59) Running from C:\Users\john\Downloads Loaded Profiles: john (Available Profiles: john) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Microsoft Corporation) C:\ProgramData\Intel.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Duplex Secure Ltd.) C:\ProgramData\reverseSystem.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Professionalism) C:\Users\john\AppData\Roaming\Intel\Intel.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () C:\Users\john\AppData\Local\Temp\RarSFX12\Graphics.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mojang) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe (Mojang) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe (Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1288704 2016-11-23] () HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKLM\...\RunOnce: [reverseSystem] => cmd /c "start "reverseSystem" "C:\Program Files (x86)\reverseSystem\Reverse.exe" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.) HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\Run: [javasched] => C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\Slideshows\SlideshowService.exe [98816 2017-01-24] () IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avguard.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\avscan.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-08-07] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel.lnk.lnk [2017-02-19] ShortcutTarget: Intel.lnk.lnk -> C:\Users\john\AppData\Roaming\Intel\Intel.exe (Professionalism) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166 Tcpip\..\Interfaces\{C985647F-55E2-4DA5-9C82-CC0F024A5368}: [DhcpNameServer] 192.168.2.1 142.166.166.166 Internet Explorer: ================== HKU\S-1-5-21-918212172-721134584-3793019280-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ca/ HKU\S-1-5-21-918212172-721134584-3793019280-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKU\S-1-5-21-918212172-721134584-3793019280-1002 -> DefaultScope {EB7E1C9D-CD6C-466E-8B7C-05595947D37B} URL = SearchScopes: HKU\S-1-5-21-918212172-721134584-3793019280-1002 -> {EB7E1C9D-CD6C-466E-8B7C-05595947D37B} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-12] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-12] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-12] (Oracle Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default [2017-03-06] CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-12] CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12] CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-12] CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-12] CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-12] CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-12] CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-08-07] (Broadcom Corporation.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2017-01-25] () R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [141704 2015-02-04] (Microsoft) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation) R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.) R2 TermService; C:\Windows\system32\rdpwrap.dll [116736 2017-02-15] (Stas'M Corp.) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-08-08] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-08-08] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-07] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7545008 2015-08-07] (Broadcom Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation) R3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (UB658) R3 ElgatoVAD; C:\Windows\system32\DRIVERS\ElgatoVAD.sys [29848 2016-09-20] (Elgato Systems GmbH) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-01-05] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-08-08] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-08-08] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-08-08] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-07-04 19:42 - 2018-07-04 19:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2018-07-04 05:49 - 2018-07-04 05:49 - 00000000 ___HD C:\$SysReset 2018-07-04 03:10 - 2017-03-06 16:26 - 818053120 ___SH C:\hiberfil.sys 2018-07-04 03:10 - 2017-03-06 16:26 - 268435456 ___SH C:\swapfile.sys 2018-07-04 03:10 - 2017-03-06 16:26 - 00000000 ___SH C:\pagefile.sys 2018-07-04 03:10 - 2017-03-03 17:33 - 00000000 __SHD C:\System Volume Information 2017-03-06 18:29 - 2017-03-06 18:30 - 00043491 _____ C:\Users\john\Downloads\Addition.txt 2017-03-06 18:28 - 2017-03-06 18:36 - 00020476 _____ C:\Users\john\Downloads\FRST.txt 2017-03-06 18:28 - 2017-03-06 18:36 - 00000000 ____D C:\FRST 2017-03-06 18:28 - 2017-03-06 18:28 - 02423808 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe 2017-03-06 18:27 - 2017-03-06 18:27 - 01765888 _____ (Farbar) C:\Users\john\Downloads\FRST.exe 2017-03-05 19:02 - 2017-03-05 19:02 - 00008926 _____ C:\Users\john\Downloads\Sildurs basic shaders v1.051 Motionblur.zip 2017-03-05 18:56 - 2017-03-05 18:56 - 00173752 _____ C:\Users\john\Downloads\SEUS-v11.0.zip 2017-03-05 18:53 - 2017-03-05 18:53 - 00067728 _____ C:\Users\john\Downloads\_SEUS-Standard-1.7.10.zip 2017-03-05 18:49 - 2017-03-05 18:49 - 00134433 _____ C:\Users\john\Downloads\Continuum-§91.3-§f§2Low§f-§4Ultra§f.zip 2017-03-05 18:49 - 2017-03-05 18:49 - 00134433 _____ C:\Users\john\Downloads\Continuum-§91.3-§f§2Low§f-§4Ultra§f (1).zip 2017-03-05 18:45 - 2017-03-05 18:45 - 00079483 _____ C:\Users\john\Downloads\SEUS-v10.2-Preview-1-Ultra (1).zip 2017-03-05 18:40 - 2017-03-05 18:40 - 00079483 _____ C:\Users\john\Downloads\SEUS-v10.2-Preview-1-Ultra.zip 2017-03-05 18:38 - 2017-03-05 18:38 - 00067728 _____ C:\Users\john\Downloads\SEUS-v10.1-Standard.zip 2017-03-05 18:38 - 2017-03-05 18:38 - 00067725 _____ C:\Users\john\Downloads\SEUS-v10.1-Ultra-Motion-Blur.zip 2017-03-05 18:00 - 2017-03-05 18:00 - 04031440 _____ C:\Users\john\Desktop\adwcleaner_6.044.exe 2017-03-05 18:00 - 2017-03-05 18:00 - 00000000 ____D C:\AdwCleaner 2017-03-05 17:59 - 2017-03-05 18:00 - 04031440 _____ C:\Users\john\Downloads\adwcleaner_6.044.exe 2017-03-05 17:54 - 2017-03-05 17:54 - 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-03-05 17:54 - 2017-03-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-03-05 17:54 - 2017-03-05 17:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-05 17:54 - 2017-03-05 17:54 - 00000000 ____D C:\Program Files\Malwarebytes 2017-03-05 17:54 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-03-05 17:53 - 2017-03-05 17:54 - 57131432 _____ (Malwarebytes ) C:\Users\john\Downloads\mb3-setup-SEMFD.100SEM-3.0.6.1469-1075.exe 2017-03-05 03:11 - 2017-03-05 03:12 - 12441654 _____ C:\Users\john\Desktop\www.bmp 2017-03-03 17:35 - 2017-03-03 17:35 - 00000000 ____D C:\Users\john\ISOS 2017-03-03 17:34 - 2017-03-03 17:34 - 00000000 ____D C:\Users\john\New folder 2017-03-03 17:33 - 2017-03-03 17:33 - 00000000 ____D C:\Users\john\Documents\Dolphin Emulator 2017-03-03 17:32 - 2017-03-03 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin 2017-03-03 17:32 - 2017-03-03 17:33 - 00000000 ____D C:\Program Files\Dolphin 2017-03-03 17:32 - 2017-03-03 17:32 - 00000810 _____ C:\Users\Public\Desktop\Dolphin.lnk 2017-03-03 17:31 - 2017-03-03 17:31 - 19327064 _____ C:\Users\john\Desktop\dolphin-x64-5.0.exe 2017-03-03 17:30 - 2017-03-03 17:31 - 19327064 _____ C:\Users\john\Downloads\dolphin-x64-5.0.exe 2017-02-28 21:01 - 2017-02-28 21:02 - 00308281 _____ C:\Users\john\Downloads\XRay-47.jar 2017-02-28 16:06 - 2017-02-28 16:06 - 02426274 _____ C:\Users\john\Downloads\1212 - Super Mario Advance 4 - Super Mario Bros 3 (U)(Independent).zip 2017-02-26 19:45 - 2017-02-28 20:34 - 00000222 _____ C:\Users\john\Desktop\New Text Document (5).txt 2017-02-26 13:54 - 2017-02-26 13:54 - 41166439 _____ C:\Users\john\Downloads\Steel Grey 2 ver.1.rar 2017-02-26 13:23 - 2017-02-26 13:23 - 01464826 _____ C:\Users\john\Downloads\worldedit-forge-mc1.10.2-6.1.4-dist.jar 2017-02-26 13:13 - 2017-02-26 13:13 - 25717836 _____ C:\Users\john\Downloads\[1.10.2] [1.4] Project Pokemon Resource Pack Without Music.zip 2017-02-26 13:10 - 2017-02-26 13:11 - 27425526 _____ C:\Users\john\Downloads\1.8 Pokeballers Pack.zip 2017-02-26 13:05 - 2017-02-26 13:05 - 10964437 _____ C:\Users\john\Downloads\Custom-NPCs-Mod-1.10.2.jar 2017-02-26 12:56 - 2017-02-26 12:56 - 00000090 _____ C:\Users\john\Desktop\New Text Document (4).txt 2017-02-26 12:53 - 2015-06-22 03:01 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2017-02-26 12:53 - 2015-06-22 03:00 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2017-02-26 12:51 - 2017-02-26 12:51 - 27227946 _____ C:\Users\john\Desktop\PixelmonLauncherBeta-2.1.4.zip 2017-02-26 12:51 - 2017-02-26 12:51 - 00000000 ____D C:\Users\john\AppData\Roaming\Ikara Software Limited 2017-02-26 12:50 - 2017-02-26 12:51 - 27227946 _____ C:\Users\john\Downloads\PixelmonLauncherBeta-2.1.4.zip 2017-02-26 12:41 - 2017-02-26 12:42 - 382122629 _____ C:\Users\john\Downloads\Pixelmon-1.10.2-5.0.1-universal.jar 2017-02-26 12:37 - 2017-02-26 12:37 - 01987653 _____ C:\Users\john\Downloads\OptiFine_1.10.2_HD_U_D6.jar 2017-02-26 12:36 - 2017-02-26 12:36 - 04594901 _____ C:\Users\john\Downloads\forge-1.10.2-12.18.3.2239-installer.jar 2017-02-25 21:22 - 2017-02-25 21:30 - 00000052 _____ C:\Users\john\Desktop\wwww.txt 2017-02-25 20:49 - 2017-02-25 20:49 - 01324556 _____ C:\Users\john\Downloads\1.8-SpaceCore-0.8.jar 2017-02-25 20:49 - 2017-02-25 20:49 - 01324556 _____ C:\Users\john\Desktop\1.8-SpaceCore-0.8.jar 2017-02-25 20:49 - 2017-02-25 20:49 - 00029606 _____ C:\Users\john\Downloads\1.8-Text_Formatting-2.3.0.jar 2017-02-25 20:49 - 2017-02-25 20:49 - 00029606 _____ C:\Users\john\Desktop\1.8-Text_Formatting-2.3.0.jar 2017-02-25 20:48 - 2017-02-25 20:48 - 01444345 _____ C:\Users\john\Downloads\worldedit-forge-mc1.8.9-6.1.1.jar 2017-02-25 20:48 - 2017-02-25 20:48 - 01444345 _____ C:\Users\john\Desktop\worldedit-forge-mc1.8.9-6.1.1.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00116042 _____ C:\Users\john\Desktop\PixelExtras-1.8.9-2.1.4-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00083309 _____ C:\Users\john\Downloads\Gameshark-1.8.9-4.1.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00083309 _____ C:\Users\john\Desktop\Gameshark-1.8.9-4.1.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00052758 _____ C:\Users\john\Downloads\NuzlockeMod-1.8.9-2.0.2-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00052758 _____ C:\Users\john\Desktop\NuzlockeMod-1.8.9-2.0.2-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00023244 _____ C:\Users\john\Downloads\WonderTrade-1.8.9-4.3.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00023244 _____ C:\Users\john\Desktop\WonderTrade-1.8.9-4.3.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00010008 _____ C:\Users\john\Downloads\TrainerCommands-1.8.9-2.1.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00010008 _____ C:\Users\john\Desktop\TrainerCommands-1.8.9-2.1.1-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00008809 _____ C:\Users\john\Downloads\SafePlace-1.8.9-2.1.0-universal.jar 2017-02-25 20:46 - 2017-02-25 20:46 - 00008809 _____ C:\Users\john\Desktop\SafePlace-1.8.9-2.1.0-universal.jar 2017-02-25 20:45 - 2017-02-25 20:46 - 00116042 _____ C:\Users\john\Downloads\PixelExtras-1.8.9-2.1.4-universal.jar 2017-02-25 20:42 - 2017-02-25 20:42 - 00100968 _____ C:\Users\john\Downloads\TooManyItems2015_02_14_1.8_Forge.jar 2017-02-25 20:42 - 2017-02-25 20:42 - 00100968 _____ C:\Users\john\Desktop\TooManyItems2015_02_14_1.8_Forge.jar 2017-02-25 20:41 - 2017-02-25 20:41 - 10964514 _____ C:\Users\john\Downloads\CustomNpcs_1.8.9(29oct16).jar 2017-02-25 20:41 - 2017-02-25 20:41 - 10964514 _____ C:\Users\john\Desktop\CustomNpcs_1.8.9(29oct16).jar 2017-02-25 20:40 - 2017-02-25 20:40 - 01355850 _____ C:\Users\john\Downloads\worldedit-forge-mc1.8-6.1.jar 2017-02-25 20:40 - 2017-02-25 20:40 - 01355850 _____ C:\Users\john\Desktop\worldedit-forge-mc1.8-6.1.jar 2017-02-25 20:38 - 2017-02-25 20:38 - 04086577 _____ C:\Users\john\Downloads\forge-1.8.9-11.15.1.1902-1.8.9-installer.jar 2017-02-25 20:38 - 2017-02-25 20:38 - 04086577 _____ C:\Users\john\Desktop\forge-1.8.9-11.15.1.1902-1.8.9-installer.jar 2017-02-25 20:38 - 2017-02-25 20:38 - 01725497 _____ C:\Users\john\Downloads\OptiFine_1.8.9_HD_U_H6.jar 2017-02-25 20:38 - 2017-02-25 20:38 - 01725497 _____ C:\Users\john\Desktop\OptiFine_1.8.9_HD_U_H6.jar 2017-02-25 20:34 - 2017-02-25 20:34 - 00000000 ____D C:\Users\john\Desktop\www 2017-02-25 20:31 - 2017-02-25 20:31 - 30620801 _____ C:\Users\john\Downloads\PixIsland17_pixelmon.zip 2017-02-25 20:30 - 2017-02-25 20:13 - 85957207 _____ C:\Users\john\Desktop\PixelmonAdventureMap.zip 2017-02-25 20:30 - 2017-02-25 20:12 - 383235069 _____ C:\Users\john\Desktop\Pixelmon-1.8.9-4.3.1-universal.jar 2017-02-25 20:12 - 2017-02-25 20:13 - 85957207 _____ C:\Users\john\Downloads\PixelmonAdventureMap.zip 2017-02-25 20:10 - 2017-02-25 20:12 - 383235069 _____ C:\Users\john\Downloads\Pixelmon-1.8.9-4.3.1-universal.jar 2017-02-25 20:10 - 2017-02-25 20:11 - 00126924 _____ C:\Users\john\Downloads\PixelExtras-1.10.2-2.2.4-universal.jar 2017-02-25 20:10 - 2017-02-25 20:10 - 00025982 _____ C:\Users\john\Downloads\WonderTrade-1.10.2-4.4.5-universal.jar 2017-02-25 20:10 - 2017-02-25 20:10 - 00009983 _____ C:\Users\john\Downloads\TrainerCommands-1.10.2-2.1.4-universal.jar 2017-02-25 20:10 - 2017-02-25 20:10 - 00005707 _____ C:\Users\john\Downloads\PixelmonEconomyBridge-1.10.2-1.2.2.jar 2017-02-25 19:19 - 2017-01-20 15:09 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-02-24 18:58 - 2017-03-06 16:38 - 00000000 ____D C:\Users\john\Desktop\Backgrounds 2017-02-24 17:58 - 2017-02-24 17:58 - 03188734 _____ C:\Users\john\Downloads\1929 - Rave Master - Special Attack Force (U)(Floppy).zip 2017-02-23 23:19 - 2017-02-23 23:19 - 12441654 _____ C:\Users\john\Desktop\New Bitmap Image (4).bmp 2017-02-23 23:19 - 2017-02-23 23:19 - 06220854 _____ C:\Users\john\Desktop\New Bitmap Image (3).bmp 2017-02-23 19:14 - 2017-02-23 19:15 - 00266320 _____ C:\Windows\Minidump\022317-12375-01.dmp 2017-02-23 19:10 - 2017-02-23 19:10 - 00419984 _____ C:\Windows\Minidump\022317-14125-01.dmp 2017-02-22 21:27 - 2017-02-22 21:26 - 29170616 _____ C:\Users\john\Desktop\Reflex_Engine (5).zip 2017-02-22 21:26 - 2017-03-03 17:06 - 00000000 ____D C:\Users\john\Desktop\New folder (2) 2017-02-22 21:25 - 2017-02-22 21:28 - 06971584 _____ (Tim Kosse) C:\Users\john\Downloads\FileZilla_3.24.1_win64-setup.exe 2017-02-22 21:25 - 2017-02-22 21:26 - 29170616 _____ C:\Users\john\Downloads\Reflex_Engine (5).zip 2017-02-22 16:16 - 2017-02-22 16:17 - 00000032 _____ C:\Users\john\Documents\Delay.txt 2017-02-21 15:49 - 2017-02-21 15:49 - 00419984 _____ C:\Windows\Minidump\022117-17000-01.dmp 2017-02-20 17:07 - 2017-02-20 17:07 - 00000222 _____ C:\Users\john\Desktop\Pinball Arcade.url 2017-02-20 16:16 - 2017-02-20 16:16 - 00411792 _____ C:\Windows\Minidump\022017-21750-01.dmp 2017-02-19 14:06 - 2017-02-19 14:06 - 05324916 _____ C:\Users\john\Downloads\1637 - Pokemon Leaf Green (U)(Independent).zip 2017-02-19 13:42 - 2017-02-19 13:42 - 05324444 _____ C:\Users\john\Downloads\1695 - Pokemon Fire Red (U)(Independent).zip 2017-02-19 00:02 - 2017-02-19 00:02 - 00004442 _____ C:\Users\john\Downloads\MinVerChk.rar 2017-02-18 16:50 - 2017-02-18 16:50 - 00411768 _____ C:\Windows\Minidump\021817-22468-01.dmp 2017-02-17 17:37 - 2017-02-17 17:37 - 00527704 _____ C:\Users\john\Downloads\vbatrade.zip 2017-02-17 17:29 - 2017-02-28 16:06 - 00000000 ____D C:\Users\john\Desktop\VBA 2017-02-17 17:28 - 2017-02-17 17:28 - 06976137 _____ C:\Users\john\Downloads\1986 - Pokemon Emerald (U)(TrashMan).zip 2017-02-17 17:27 - 2017-02-17 17:27 - 01380476 _____ (None) C:\Users\john\Downloads\VisualBoyAdvance-1.8.0-511.exe 2017-02-17 17:25 - 2017-02-17 17:25 - 00266320 _____ C:\Windows\Minidump\021717-18984-01.dmp 2017-02-17 15:58 - 2017-02-17 15:59 - 00411792 _____ C:\Windows\Minidump\021717-22531-01.dmp 2017-02-16 17:07 - 2017-02-16 17:08 - 00411792 _____ C:\Windows\Minidump\021617-20953-01.dmp 2017-02-15 23:55 - 2017-02-15 23:56 - 00051015 _____ C:\Windows\system32\rdpwrap.ini 2017-02-15 23:55 - 2017-02-15 23:55 - 00116736 _____ (Stas'M Corp.) C:\Windows\system32\rdpwrap.dll 2017-02-15 13:01 - 2017-02-15 13:01 - 00000000 ____D C:\ProgramData\0796b087-ac46-4625-9dce-49f51dc0dbbc 2017-02-15 12:53 - 2017-02-15 12:53 - 06220854 _____ C:\Users\john\Desktop\New Bitmap Image (2).bmp 2017-02-15 12:53 - 2017-02-15 12:53 - 00000000 _____ C:\Users\john\Desktop\New Text Document (3).txt 2017-02-15 12:51 - 2017-02-15 12:51 - 00411784 _____ C:\Windows\Minidump\021517-14234-01.dmp 2017-02-14 16:58 - 2017-02-23 21:33 - 00000124 _____ C:\Users\john\Desktop\dummy names.txt 2017-02-14 16:33 - 2017-02-14 21:48 - 1139256088 _____ C:\Users\john\Downloads\Unconfirmed 680546.crdownload 2017-02-14 16:15 - 2017-02-14 16:13 - 1038090240 _____ C:\Users\john\Desktop\[Downloadgameps3.com]B1022W9.part01.rar 2017-02-14 16:07 - 2017-02-14 16:13 - 1038090240 _____ C:\Users\john\Downloads\[Downloadgameps3.com]B1022W9.part01.rar 2017-02-14 12:47 - 2017-02-14 12:48 - 00411792 _____ C:\Windows\Minidump\021417-23468-01.dmp 2017-02-13 21:54 - 2017-02-13 21:54 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration 2017-02-11 18:12 - 2017-02-19 21:27 - 00000000 __SHD C:\Users\john\AppData\Roaming\Intel 2017-02-11 18:12 - 2017-02-11 18:12 - 01792000 __RSH (Microsoft Corporation) C:\ProgramData\Intel.exe 2017-02-10 21:57 - 2017-02-10 21:57 - 00000000 ____D C:\Users\john\AppData\Roaming\Sony Creative Software Inc 2017-02-09 22:47 - 2017-02-09 22:49 - 59941955 _____ C:\Users\john\Documents\niggercensoredershot.mp4 2017-02-09 16:08 - 2017-02-15 13:02 - 00000167 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt 2017-02-09 16:08 - 2017-02-09 16:08 - 00001983 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk 2017-02-09 16:04 - 2017-02-09 16:04 - 00000000 ____D C:\ProgramData\909a80eb-79d9-4231-9d06-8484d62860cf 2017-02-09 13:59 - 2017-02-09 13:58 - 14580709 _____ C:\Users\john\Desktop\Reflex_Engine (4).zip 2017-02-09 13:58 - 2017-02-09 13:58 - 14580709 _____ C:\Users\john\Downloads\Reflex_Engine (4).zip 2017-02-09 01:55 - 2017-02-09 01:55 - 00011672 _____ C:\Users\john\Desktop\finishfindsng.veg 2017-02-08 23:56 - 2017-02-08 23:56 - 00171834 _____ C:\Users\john\Downloads\Jiggy Menu 4.2.zip 2017-02-08 23:56 - 2017-02-08 23:56 - 00171834 _____ C:\Users\john\Desktop\Jiggy Menu 4.2.zip 2017-02-08 20:41 - 2017-02-08 20:41 - 00286785 _____ C:\Users\john\Desktop\Non-Host By BISOON Ver 1.0.3.rar 2017-02-05 15:11 - 2017-02-05 15:11 - 00005271 _____ C:\Users\john\Downloads\JR JS Menu Base STABLE.rar 2017-02-05 15:11 - 2017-02-05 15:11 - 00005271 _____ C:\Users\john\Desktop\JR JS Menu Base STABLE.rar 2017-02-05 15:10 - 2017-02-05 15:09 - 00008004 _____ C:\Users\john\Desktop\Confusion-Menubase.rar 2017-02-05 15:09 - 2017-02-05 15:09 - 00008004 _____ C:\Users\john\Downloads\Confusion-Menubase.rar 2017-02-05 14:51 - 2017-02-05 14:51 - 00006694 _____ C:\Users\john\Downloads\Phantom.rar 2017-02-05 14:51 - 2017-02-05 14:51 - 00006694 _____ C:\Users\john\Desktop\Phantom.rar 2017-02-05 14:46 - 2017-02-05 14:46 - 00006502 _____ C:\Users\john\Downloads\Menu Base By StraightCFW.rar 2017-02-05 14:46 - 2017-02-05 14:46 - 00006502 _____ C:\Users\john\Desktop\Menu Base By StraightCFW.rar 2017-02-05 14:31 - 2017-02-05 14:31 - 00009350 _____ C:\Users\john\Downloads\Menu Base By CMT Frosty.zip 2017-02-05 14:31 - 2017-02-05 14:31 - 00009350 _____ C:\Users\john\Desktop\Menu Base By CMT Frosty.zip 2017-02-05 14:27 - 2017-02-05 14:27 - 00016840 _____ C:\Users\john\Downloads\Midnight (SOURCE).rar 2017-02-05 14:27 - 2017-02-05 14:27 - 00016840 _____ C:\Users\john\Desktop\Midnight (SOURCE).rar 2017-02-04 17:32 - 2017-02-04 17:32 - 14564776 _____ C:\Users\john\Downloads\Reflex_Engine (3).zip 2017-02-04 00:55 - 2017-02-05 02:14 - 00034640 _____ C:\Users\john\Desktop\Untitled.veg 2017-02-04 00:55 - 2017-02-04 00:55 - 00017104 _____ C:\Users\john\Desktop\Untitled.veg.bak ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-07-04 19:42 - 2013-08-22 10:06 - 00000000 ___RD C:\Users\Public 2018-07-04 19:40 - 2013-08-22 09:55 - 00262144 ___SH C:\Users\Default\NTUSER.DAT 2018-07-04 05:57 - 2013-08-22 12:06 - 00262144 _____ C:\Windows\system32\config\BCD-Template 2017-03-06 18:33 - 2017-01-18 00:01 - 00000000 ____D C:\Users\john\AppData\Roaming\Skype 2017-03-06 17:03 - 2013-08-22 12:06 - 00000000 ____D C:\Windows\rescache 2017-03-06 16:39 - 2017-01-12 18:54 - 00000000 ____D C:\Users\john\AppData\Roaming\.minecraft 2017-03-06 16:36 - 2017-01-22 20:36 - 00000000 ____D C:\Users\john\AppData\Local\CrashDumps 2017-03-06 16:36 - 2017-01-13 16:22 - 00001356 _____ C:\Users\john\Desktop\nativelog.txt 2017-03-06 16:34 - 2017-01-21 21:40 - 00003276 _____ C:\Windows\System32\Tasks\reverseSystem 2017-03-06 16:34 - 2015-08-07 21:58 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-06 16:33 - 2017-01-21 21:40 - 00000000 _RSHD C:\Program Files (x86)\reverseSystem 2017-03-06 16:33 - 2017-01-12 18:39 - 00000000 ___RD C:\Users\john\OneDrive 2017-03-06 16:33 - 2017-01-12 18:33 - 00000000 ____D C:\Users\john 2017-03-06 16:31 - 2014-11-21 01:12 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-06 16:31 - 2013-08-22 10:06 - 00000000 ____D C:\Windows\Inf 2017-03-06 16:29 - 2015-08-07 22:01 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2017-03-06 16:26 - 2013-08-22 11:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-05 23:55 - 2017-01-12 18:40 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-918212172-721134584-3793019280-1002 2017-03-05 17:55 - 2017-01-17 21:36 - 00089600 ___SH C:\Users\john\Documents\Thumbs.db 2017-03-05 17:41 - 2017-01-19 22:45 - 00000000 ____D C:\Users\john\AppData\Roaming\tor 2017-03-05 17:41 - 2013-08-22 09:55 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-03-05 03:12 - 2017-01-12 20:17 - 00708608 ___SH C:\Users\john\Desktop\Thumbs.db 2017-03-03 17:33 - 2017-01-17 17:20 - 00000000 ____D C:\Users\john\AppData\Roaming\FileZilla 2017-03-03 17:11 - 2017-01-12 18:52 - 00000000 ____D C:\Program Files (x86)\Steam 2017-03-03 17:06 - 2017-01-21 20:01 - 00000032 _____ C:\Users\john\Desktop\_Key.txt 2017-03-03 17:05 - 2017-01-21 20:01 - 00000032 _____ C:\Users\john\_Key.txt 2017-03-02 16:09 - 2017-01-19 22:45 - 01515506 ___SH C:\Users\john\AppData\Roaming\sound.exe 2017-03-02 16:09 - 2017-01-12 19:55 - 00000000 ____D C:\Users\john\Desktop\Synergy PS Edition 2017-02-27 17:38 - 2017-01-12 20:01 - 00000000 ____D C:\Users\john\AppData\Local\Pokemon Showdown 2017-02-26 12:54 - 2013-08-22 11:50 - 00000000 ____D C:\Windows\CbsTemp 2017-02-25 19:20 - 2017-01-12 22:12 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:20 - 2017-01-12 22:12 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:20 - 2017-01-12 22:12 - 00001430 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-02-25 19:20 - 2015-08-07 21:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-25 19:19 - 2017-01-12 22:12 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:19 - 2017-01-12 22:12 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:19 - 2017-01-12 22:12 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:19 - 2017-01-12 22:12 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:19 - 2017-01-12 22:12 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-02-25 19:19 - 2015-08-07 21:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-02-25 19:19 - 2015-08-07 21:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-25 18:28 - 2017-01-12 20:17 - 00010752 ___SH C:\Users\john\Downloads\Thumbs.db 2017-02-23 22:23 - 2015-08-07 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-02-23 19:14 - 2017-01-13 16:20 - 687362035 _____ C:\Windows\MEMORY.DMP 2017-02-23 19:14 - 2017-01-13 16:20 - 00000000 ____D C:\Windows\Minidump 2017-02-22 16:17 - 2015-08-07 21:52 - 00000000 ____D C:\Program Files (x86)\Intel 2017-02-21 20:59 - 2017-01-26 19:52 - 00000000 ____D C:\Users\john\Desktop\thumbnails 2017-02-20 17:07 - 2017-01-12 19:03 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-02-17 16:01 - 2017-01-18 00:01 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-17 16:01 - 2017-01-18 00:01 - 00000000 ____D C:\ProgramData\Skype 2017-02-15 13:02 - 2015-08-07 22:00 - 00000000 ____D C:\Program Files\Dell 2017-02-15 13:02 - 2015-08-07 21:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-13 21:54 - 2015-08-07 22:05 - 00000000 ____D C:\Windows\System32\Tasks\Dell 2017-02-13 15:48 - 2013-08-22 12:06 - 00000000 ____D C:\Windows\AppReadiness 2017-02-11 23:35 - 2017-01-21 20:06 - 00000000 ____D C:\Users\john\Desktop\supremacy 2017-02-11 18:12 - 2017-01-21 21:39 - 00000000 ____D C:\Windows\System32\Tasks\Update 2017-02-10 17:15 - 2017-01-12 18:53 - 00000000 ____D C:\Program Files (x86)\Minecraft 2017-02-08 16:21 - 2013-08-22 11:14 - 00346744 _____ C:\Windows\system32\FNTCACHE.DAT 2017-02-07 22:00 - 2015-08-08 00:16 - 00000000 ____D C:\ProgramData\Dell 2017-02-07 20:51 - 2013-08-22 12:06 - 00000000 ____D C:\Windows\system32\NDF 2017-02-06 17:44 - 2017-01-12 18:50 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-06 17:44 - 2017-01-12 18:50 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======= 2017-01-19 22:45 - 2017-03-02 16:09 - 1515506 ___SH () C:\Users\john\AppData\Roaming\sound.exe 2015-08-07 21:41 - 2015-08-07 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2017-02-11 18:12 - 2017-02-11 18:12 - 1792000 __RSH (Microsoft Corporation) C:\ProgramData\Intel.exe 2017-01-21 21:39 - 2017-01-21 21:39 - 1642496 __RSH (Duplex Secure Ltd.) C:\ProgramData\reverseSystem.exe 2015-08-07 21:57 - 2015-08-07 21:57 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-08-07 21:54 - 2015-08-07 21:55 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-08-07 21:56 - 2015-08-07 21:57 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-08-07 21:55 - 2015-08-07 21:56 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log Files to move or delete: ==================== C:\ProgramData\Intel.exe C:\ProgramData\reverseSystem.exe Some files in TEMP: ==================== 2017-03-02 23:36 - 2017-03-02 23:36 - 2361344 _____ () C:\Users\john\AppData\Local\Temp\14946.exe 2017-02-20 17:16 - 2017-02-20 17:16 - 1870582 _____ () C:\Users\john\AppData\Local\Temp\44386.exe 2017-03-02 20:28 - 2017-03-02 20:28 - 2361344 _____ () C:\Users\john\AppData\Local\Temp\58698.exe 2017-02-22 19:38 - 2017-02-22 19:38 - 1870582 _____ () C:\Users\john\AppData\Local\Temp\61816.exe 2017-02-20 22:59 - 2017-02-20 22:59 - 1870582 _____ () C:\Users\john\AppData\Local\Temp\76826.exe 2017-02-25 20:43 - 2017-02-25 20:43 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1166850043072500450.dll 2017-03-02 22:34 - 2017-03-02 22:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1302885260238068270.dll 2017-02-26 12:44 - 2017-02-26 12:44 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1438455700959402313.dll 2017-02-28 19:26 - 2017-02-28 19:26 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1439522279484369698.dll 2017-03-05 15:23 - 2017-03-05 15:23 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1671789174206147869.dll 2017-02-28 21:02 - 2017-02-28 21:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-1803322288335480689.dll 2017-02-28 20:33 - 2017-02-28 20:33 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2070222785730164128.dll 2017-02-26 17:45 - 2017-02-26 17:45 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2103183873625260984.dll 2017-03-02 16:15 - 2017-03-02 16:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-225274964427993576.dll 2017-02-25 21:48 - 2017-02-25 21:48 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2331652004007139158.dll 2017-02-25 21:04 - 2017-02-25 21:04 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2448441917821561885.dll 2017-03-03 20:46 - 2017-03-03 20:46 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2685042560840848765.dll 2017-02-26 12:54 - 2017-02-26 12:54 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2700927778927748137.dll 2017-03-01 19:35 - 2017-03-01 19:35 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-2849092246216639779.dll 2017-02-26 12:56 - 2017-02-26 12:56 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3135882798243273672.dll 2017-02-26 13:02 - 2017-02-26 13:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3152090997002206636.dll 2017-02-26 15:26 - 2017-02-26 15:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3318525423453660932.dll 2017-02-25 21:44 - 2017-02-25 21:44 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-344299595260689026.dll 2017-02-25 20:50 - 2017-02-25 20:50 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3451884505603187170.dll 2017-02-26 12:46 - 2017-02-26 12:46 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3523059862139731392.dll 2017-02-28 16:05 - 2017-02-28 16:05 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3751696989777607073.dll 2017-02-26 13:23 - 2017-02-26 13:23 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-3928058813530631486.dll 2017-02-26 12:48 - 2017-02-26 12:48 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4283672039292329325.dll 2017-02-25 20:47 - 2017-02-25 20:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4305518300649724992.dll 2017-03-05 13:00 - 2017-03-05 13:00 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4389541572016986044.dll 2017-03-05 18:49 - 2017-03-05 18:49 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4475820093579204674.dll 2017-03-04 16:48 - 2017-03-04 16:48 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4834824788724229003.dll 2017-02-28 19:26 - 2017-02-28 19:26 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-4878037650682893674.dll 2017-03-04 23:31 - 2017-03-04 23:31 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-5228798245401662351.dll 2017-03-01 19:29 - 2017-03-01 19:29 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-5231663601130390135.dll 2017-02-27 16:14 - 2017-02-27 16:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-6387942969386237933.dll 2017-02-26 13:05 - 2017-02-26 13:05 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-6771159432310763709.dll 2017-02-26 15:49 - 2017-02-26 15:49 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-6855596048660157912.dll 2017-02-25 20:54 - 2017-02-25 20:54 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-7190247854476416660.dll 2017-03-05 19:05 - 2017-03-05 19:05 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-7621605869830807178.dll 2017-02-25 21:51 - 2017-02-25 21:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-7768875902285990952.dll 2017-02-25 21:06 - 2017-02-25 21:06 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-777643468148882117.dll 2017-02-25 20:47 - 2017-02-25 20:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8069569091937052362.dll 2017-03-06 16:36 - 2017-03-06 16:36 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8215687249963915878.dll 2017-03-05 18:43 - 2017-03-05 18:43 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8359241589010584360.dll 2017-03-04 10:14 - 2017-03-04 10:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8390557005288025526.dll 2017-02-25 20:49 - 2017-02-25 20:49 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8698994507151466699.dll 2017-03-05 17:59 - 2017-03-05 17:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-8784939232940091369.dll 2017-02-25 20:56 - 2017-02-25 20:56 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-9144946432373195266.dll 2017-02-28 20:21 - 2017-02-28 20:21 - 0019968 _____ (Red Hat®, Inc.) C:\Users\john\AppData\Local\Temp\jansi-64-941646436977605550.dll 2015-08-07 21:58 - 2014-02-16 03:05 - 1191936 _____ (NVIDIA Corporation) C:\Users\john\AppData\Local\Temp\nvSCPAPI.dll 2015-08-07 21:58 - 2014-02-16 03:05 - 1375264 _____ (NVIDIA Corporation) C:\Users\john\AppData\Local\Temp\nvSCPAPI64.dll 2017-01-12 22:17 - 2014-02-16 03:02 - 0813344 _____ (NVIDIA Corporation) C:\Users\john\AppData\Local\Temp\nvStInst.exe 2017-01-12 22:12 - 2017-01-05 21:37 - 0253376 _____ (NVIDIA Corporation) C:\Users\john\AppData\Local\Temp\NvTelemetryAPI32.dll 2017-01-12 22:12 - 2017-01-05 21:37 - 0334272 _____ (NVIDIA Corporation) C:\Users\john\AppData\Local\Temp\NvTelemetryAPI64.dll 2017-03-05 20:11 - 2017-03-05 20:11 - 2361344 _____ () C:\Users\john\AppData\Local\Temp\xm.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-06 16:56 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 6, 2017 Root Admin ID:1106766 Share Posted March 6, 2017 Don't mean to be a pain, but the forum software does not always write the logs correctly. Can you please attach both logs. I need the FRST and the ADDITIONS.txt logs. Thank you again Ron Link to post Share on other sites More sharing options...
Cameron Posted March 7, 2017 Author ID:1106812 Share Posted March 7, 2017 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017 Ran by john (06-03-2017 18:37:22) Running from C:\Users\john\Downloads Windows 8.1 (Update) (X64) (2017-01-12 22:05:00) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 123 (S-1-5-21-918212172-721134584-3793019280-1005 - Limited - Enabled) Administrator (S-1-5-21-918212172-721134584-3793019280-500 - Administrator - Disabled) Guest (S-1-5-21-918212172-721134584-3793019280-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-918212172-721134584-3793019280-1004 - Limited - Enabled) john (S-1-5-21-918212172-721134584-3793019280-1002 - Administrator - Enabled) => C:\Users\john ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ansel (Version: 376.33 - NVIDIA Corporation) Hidden Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM\...\Steam App 219540) (Version: - ) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Black Ops 2 - GSC Studio (HKLM-x32\...\{909C0DF9-6BBE-42BD-8FB2-0ADEBA3459B6}_is1) (Version: 16.2.15.0 - iMCS Productions) Car Mechanic Simulator 2015 (HKLM\...\Steam App 320300) (Version: - Red Dot Games) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone) Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{2A07BB79-284C-4C61-B8D5-4E146FAC91FB}) (Version: 1.0.0.8 - Dell Inc.) Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Dell Help & Support (Version: 2.4.18.0 - Dell Inc.) Hidden Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.6.0 - Dropbox, Inc.) DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.227 - Dell Inc.) Elgato Game Capture HD (HKLM\...\{766E579C-27F4-42F5-BDA1-9396A2E5FC7A}) (Version: 3.50.102.2102 - Elgato Systems GmbH) FileZilla Client 3.24.0 (HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) Fistful of Frags (HKLM\...\Steam App 265630) (Version: - Fistful of Frags Team) FreeStyle2: Street Basketball (HKLM\...\Steam App 339610) (Version: - Joycity) Game Capture HD v1.0.0.1 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 1.0.0.1 - Elgato Systems) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North) Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation) Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Left 4 Dead (HKLM\...\Steam App 500) (Version: - Valve) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Pinball Arcade (HKLM\...\Steam App 238260) (Version: - FarSight Studios) Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown") Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions) Spintires (HKLM\...\Steam App 263280) (Version: - Oovee® Game Studios) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games) Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9800 - Broadcom Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08BBCA20-AF9C-4B44-9042-43406F3E1FC2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {1C60549B-DFC9-4FA8-A1BB-856DA53434E4} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2017-01-12] () <==== ATTENTION Task: {2CEFE896-9D86-4FBB-8260-6257BBADABC0} - System32\Tasks\Update\af385df1-772f-4223-8de9-6f46d652ce22 => C:\ProgramData\reverseSystem.exe [2017-01-21] (Duplex Secure Ltd.) <==== ATTENTION Task: {32BF7EAC-B224-4C5C-890C-A5CD7675721D} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) Task: {3E0B9EAB-DC0B-41D5-99C9-599928AC9140} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-01] () Task: {5193BB58-D1B2-44F2-B7A9-9AB71B90CBC1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] () Task: {5742CAEB-6B2A-4339-B7DB-0F56E9EAC200} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.) Task: {5AC13E82-6562-4B05-9799-ED044750AF55} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation) Task: {622B04CF-75A4-4EDC-AA2A-73D60CADB8D6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe Task: {6E6B0B06-30BB-41B8-A761-55B5C84C0B43} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {72A90DD6-FEA3-49F5-8114-0517E8CC3E20} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.) Task: {80065051-E64A-4FEB-83C4-19DC3879FC4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.) Task: {89097711-6E9F-4332-8BD6-53F2B84480EA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation) Task: {8D1D0A0F-6C4F-4402-9DB1-C5FCD6E16A70} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation) Task: {93CE0EF5-4BDE-4D9B-8110-547D847A50EC} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation) Task: {ACB72BC9-55EB-4B5D-AB04-AE4083808E30} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) Task: {ACDA8DE3-989E-4010-9EFA-01670821CA6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.) Task: {C6223F19-7491-4118-BDC9-65584811D91D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation) Task: {D3EE38FE-85A8-405A-89B8-C6A6273F7ADB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe Task: {DC454022-90F7-487D-93DD-61ED44A264B4} - System32\Tasks\Update\d977276b-e010-48cf-ba8f-f6f2968d97bd => C:\ProgramData\Intel.exe [2017-02-11] (Microsoft Corporation) <==== ATTENTION Task: {E14BE094-610E-43BB-A01C-4403396F7D23} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink) Task: {EDF149EF-762E-4913-8FEB-B14EEF06E7C8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] () Task: {EEB1A664-7D42-4A8A-9AF6-2F1907E0D787} - System32\Tasks\reverseSystem => C:\Program Files (x86)\reverseSystem\Reverse.exe [2017-01-21] (Duplex Secure Ltd.) Task: {F01E6464-AE95-40F5-9753-B22A65A2BA4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation) Task: {F2C83DFE-44D2-46AE-BEDE-F82917295817} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-08-07 21:57 - 2016-12-11 15:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-03 14:16 - 2014-06-03 14:16 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2017-01-12 22:12 - 2017-01-20 15:09 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2017-01-12 22:12 - 2017-01-20 15:09 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-08-07 21:56 - 2014-04-14 20:29 - 00253776 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2016-11-23 13:45 - 2016-11-23 13:45 - 01288704 _____ () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe 2017-03-06 16:35 - 2016-11-04 15:58 - 01158144 _____ () C:\Users\john\AppData\Local\Temp\RarSFX12\Graphics.exe 2017-03-06 16:35 - 2016-11-03 18:03 - 02235392 _____ () C:\Users\john\AppData\Local\Temp\RarSFX12\cuda_tromp.dll 2017-03-06 16:35 - 2016-11-03 18:01 - 02235392 _____ () C:\Users\john\AppData\Local\Temp\RarSFX12\cuda_tromp_75.dll 2017-03-06 16:35 - 2016-11-03 18:03 - 00045056 _____ () C:\Users\john\AppData\Local\Temp\RarSFX12\cpu_tromp_SSE2.dll 2017-01-13 15:40 - 2017-01-13 15:40 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2017-03-06 16:36 - 2017-03-06 16:36 - 00317440 _____ () C:\Users\john\AppData\Local\Temp\7525-dc8c-c54d-b45d\lwjgl64.dll 2017-03-06 16:36 - 2017-03-06 16:36 - 00382464 _____ () C:\Users\john\AppData\Local\Temp\7525-dc8c-c54d-b45d\OpenAL64.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00174368 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 2017-02-06 17:44 - 2017-02-01 06:17 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 17:44 - 2017-02-01 06:17 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2015-03-16 12:58 - 2015-03-16 12:58 - 00155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2014-02-19 20:21 - 2014-02-19 20:21 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-01-12 22:12 - 2017-01-20 15:09 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-01-12 22:12 - 2017-01-20 15:09 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2017-01-12 22:12 - 2017-01-20 15:09 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-01-12 22:12 - 2017-01-20 15:08 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2015-08-07 21:55 - 2014-12-08 03:58 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll 2014-12-08 16:58 - 2014-12-08 16:58 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll 2017-01-12 22:12 - 2017-01-20 10:06 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2017-01-12 22:12 - 2017-01-20 10:06 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2017-01-12 22:12 - 2017-01-20 10:06 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2017-01-12 22:12 - 2017-01-20 10:06 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2017-01-12 22:12 - 2017-01-20 10:06 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2017-01-12 22:12 - 2017-01-20 10:06 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2017-01-12 22:12 - 2017-01-20 10:06 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2017-01-12 22:12 - 2017-01-20 10:06 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2017-02-10 17:15 - 2017-02-10 17:15 - 05912064 _____ () C:\Program Files (x86)\Minecraft\game\launcher.dll 2017-02-10 17:15 - 2017-02-10 17:15 - 63805440 _____ () C:\Program Files (x86)\Minecraft\game\libcef.dll 2017-02-10 17:15 - 2017-02-10 17:15 - 01872896 _____ () C:\Program Files (x86)\Minecraft\game\libglesv2.dll 2017-02-10 17:15 - 2017-02-10 17:15 - 00078848 _____ () C:\Program Files (x86)\Minecraft\game\libegl.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00041248 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32api.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00059680 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pywintypes27.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00119072 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pythoncom27.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00562464 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\urlmon.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00401184 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iertutil.dll 2014-01-17 11:36 - 2014-01-17 11:36 - 00411936 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\WININET.dll 2014-01-17 11:37 - 2014-01-17 11:37 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_multiprocessing.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00025376 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32service.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00022816 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\servicemanager.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00018208 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32event.pyd 2014-01-17 11:37 - 2014-01-17 11:37 - 00027424 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_socket.pyd 2014-01-17 11:37 - 2014-01-17 11:37 - 00277280 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ssl.pyd 2014-01-17 11:37 - 2014-01-17 11:37 - 00113952 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_hashlib.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00016672 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\select.pyd 2014-01-17 11:37 - 2014-01-17 11:37 - 00040736 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ctypes.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00336160 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_bsddb.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32process.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00020256 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32ts.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00018720 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32profile.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00042784 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32security.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00023328 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32evtlog.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00024864 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32inet.pyd 2014-01-17 11:36 - 2014-01-17 11:36 - 00021280 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\EnvironmentID.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:55 - 2013-08-22 09:55 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-918212172-721134584-3793019280-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\john\Desktop\Backgrounds\space_flight_sky_shadow_82966_1920x1080.jpg DNS Servers: 192.168.2.1 - 142.166.166.166 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\StartupApproved\StartupFolder: => "sound.vbs" HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\StartupApproved\StartupFolder: => "Zfly.exe" HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\StartupApproved\Run: => "sound" HKU\S-1-5-21-918212172-721134584-3793019280-1002\...\StartupApproved\Run: => "javasched" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{4BD9E933-FDCF-4D1D-9829-0166A6D562A6}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE FirewallRules: [{E5ED27AB-D81F-43B3-A003-00995919CDA4}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{60EADD0E-2D1D-4B36-AF5C-EA463649EDAB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{89CFA6F4-7530-4FA5-90F4-0C628FF85D48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{170BDC31-FBFC-4ED7-9139-D00545B98CF9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{87472526-E4C0-4190-ABEC-ED3C763DE6C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{17E8E0B3-0BDC-4344-BFF9-6CC141838D1C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{3B592512-089C-4C9D-B451-42D6A375C30C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4F3141C2-70EA-4505-BE01-71F3400F2D41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe FirewallRules: [{4FE32736-8CF4-4D4D-878E-4D89CB709F06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe FirewallRules: [{5DBED684-BA40-4E6D-BAFE-55828BBA7FB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe FirewallRules: [{104C2534-C449-478B-896E-CB83CF60DE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe FirewallRules: [{ACC5F81F-47DE-49B2-8380-E99599FB1B16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{18AE30AB-EAEE-4DB7-A27F-8CE33BEED6C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{E6BCB3C9-A9DA-4D53-95AE-6FC4DAA68361}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{06EFF55B-6537-4688-9F0D-DA56A3CDE7A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{9B719CFC-9179-49D2-93C3-F562A790E323}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{6F59BF1A-04A0-4205-8E7F-B8D4DD397A76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{4874C2AB-3B1C-45A6-BBF4-1D2AC0194DBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{CB603F89-2D87-475F-A2BB-ADA0139E6A9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{AFFD89D5-91B9-4744-B317-ABCFB40CE35C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{F1B30739-0DAE-4D41-A935-2D0873CB46F4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{CD7F7E94-F4AF-407F-B484-8B2A5104BBAE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{3C2C2BC5-DA39-4D35-B3E0-4A4A42C5E1E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{DD037CF0-C850-4E77-A1DE-5B8C51D08089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe FirewallRules: [{A6383514-1329-4C35-98AA-6C34C3F9C5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{5EE6DE85-6690-4760-891F-6B41DA3C5631}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe FirewallRules: [{26AFD473-9C3F-401F-8F80-76357DC511C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{401B18C1-BF08-45B8-B9FE-87C0CC57703C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{D3540502-D2AA-46BD-9481-6BEB19497463}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{9D524B48-FB3D-4EF4-932A-B739FD509353}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe FirewallRules: [{29A49499-3D42-496B-BF22-BDA2C81D3D63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{EA7AB30F-A2C1-4324-99BE-ED7740E3D332}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [TCP Query User{E8D17F42-A8F5-4DB7-948B-CB4EE1760023}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{C1A43E2E-EFE6-4CBC-93B9-FCBEB5BE8F37}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{FA296D98-259E-4455-980B-EA423665C1E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{CCCC897F-A121-434B-B44D-947338277E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe FirewallRules: [{E749F1E0-A7FD-43B7-8763-9EA4FABB7958}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{249A8BED-4E66-4BA5-9AA2-E057FBE57966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [TCP Query User{FCC136E9-30C1-48C6-82E2-1378E60FCD0C}C:\program files (x86)\steam\steamapps\common\snow\bin32\playsnow.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\snow\bin32\playsnow.exe FirewallRules: [UDP Query User{327A3C63-BF57-4A06-A420-8AEB23EFEE6E}C:\program files (x86)\steam\steamapps\common\snow\bin32\playsnow.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\snow\bin32\playsnow.exe FirewallRules: [TCP Query User{6167A397-27FD-4526-9847-6383F3B232F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{11E63525-1CBC-4046-B8E1-C1B5E3BD5F36}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{F55CA63D-9D36-4626-A53D-4485614D6850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{D6129F94-F614-4298-88DE-EA133C3BBCC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe FirewallRules: [{A4DE5F13-D815-4779-9904-0B52F8E54F49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{6C6D03D9-649C-4810-A8CB-A52F50ED1C51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe FirewallRules: [{DF409B5D-E610-4BA8-980C-BAA05D58E3E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A86FBCBB-0D30-4DCF-931C-7E0A31356891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe FirewallRules: [{7A73B47D-C63E-44E9-8C99-BC26E4D179DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe ==================== Restore Points ========================= 15-02-2017 13:00:51 Dell Update: Dell Help & Support 26-02-2017 12:52:35 Windows Update 03-03-2017 17:33:00 Installed DirectX ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/06/2017 04:36:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Faulting module name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Exception code: 0xc0000409 Fault offset: 0x0000736e Faulting process id: 0x246c Faulting application start time: 0x01d296b52b7fcebc Faulting application path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Report Id: 6b2e89ea-02a8-11e7-82af-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2017 06:49:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program javaw.exe version 8.0.25.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 30dc Start Time: 01d295fda9a2c393 Termination Time: 41 Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe Report Id: c4926099-01f1-11e7-82ae-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2017 06:37:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program adwcleaner_6.044.exe version 6.0.4.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 66c Start Time: 01d295f7a95711eb Termination Time: 4294967295 Application Path: C:\Users\john\Desktop\adwcleaner_6.044.exe Report Id: 149a7660-01f0-11e7-82ae-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2017 05:52:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Faulting module name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Exception code: 0xc0000409 Fault offset: 0x0000736e Faulting process id: 0x2074 Faulting application start time: 0x01d295f699419da1 Faulting application path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Report Id: d8ad35a5-01e9-11e7-82ae-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2017 05:01:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Faulting module name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Exception code: 0xc0000409 Fault offset: 0x0000736e Faulting process id: 0x8504 Faulting application start time: 0x01d295ef7aa9c1ed Faulting application path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Report Id: b9abf4bb-01e2-11e7-82ab-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/05/2017 03:24:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 5bb0 Start Time: 01d295e116a43a20 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 0fb87cf2-01d5-11e7-82ab-acd1b8d9a5e8 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/05/2017 12:19:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9 Faulting module name: Flash.ocx, version: 17.0.0.188, time stamp: 0x553bb1c6 Exception code: 0xc0000005 Fault offset: 0x00810c30 Faulting process id: 0x16f40 Faulting application start time: 0x01d2955d7fb4bab8 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx Report Id: aa47aeb1-0156-11e7-82aa-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/04/2017 11:36:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9 Faulting module name: nvwgf2um.dll, version: 21.21.13.7633, time stamp: 0x584d94ca Exception code: 0xc0000005 Fault offset: 0x008940fa Faulting process id: 0x15498 Faulting application start time: 0x01d29556f50d83a7 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Windows\SYSTEM32\nvwgf2um.dll Report Id: acf72147-0150-11e7-82aa-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/04/2017 01:00:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Faulting module name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Exception code: 0xc0000409 Fault offset: 0x0000736e Faulting process id: 0x5e18 Faulting application start time: 0x01d295049e15edd9 Faulting application path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Report Id: dd6ba424-00f7-11e7-82aa-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: Error: (03/03/2017 05:01:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Faulting module name: Bluetooth Headset Helper.exe, version: 12.0.0.9800, time stamp: 0x538e150f Exception code: 0xc0000409 Fault offset: 0x0000736e Faulting process id: 0x2060 Faulting application start time: 0x01d2945d23d8a07d Faulting application path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Faulting module path: C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe Report Id: 63996099-0050-11e7-82a9-acd1b8d9a5e8 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (03/06/2017 04:26:43 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:47:59 PM on 2017-03-05 was unexpected. Error: (03/05/2017 05:46:40 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} did not register with DCOM within the required timeout. Error: (03/05/2017 05:43:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Superfetch service terminated with the following error: The handle is invalid. Error: (03/05/2017 05:43:25 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (03/05/2017 05:43:25 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (03/05/2017 05:43:25 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (03/05/2017 05:43:25 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout. Error: (03/05/2017 05:43:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} did not register with DCOM within the required timeout. Error: (03/05/2017 05:41:43 PM) (Source: DCOM) (EventID: 10010) (User: CAMERON) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (03/05/2017 05:40:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Dell SupportAssist Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 32767 milliseconds: Run the configured recovery program. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz Percentage of memory in use: 53% Total physical RAM: 16335.2 MB Available physical RAM: 7520.48 MB Total Virtual: 32719.2 MB Available Virtual: 20819.66 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1851.35 GB) (Free:1071.48 GB) NTFS Drive i: () (Removable) (Total:15.2 GB) (Free:10.1 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: D46372E2) Partition: GPT. ======================================================== Disk: 5 (Size: 15.2 GB) (Disk ID: 83C4E412) Partition 1: (Not Active) - (Size=15.2 GB) - (Type=0C) ==================== End of Addition.txt ============================ Also whenever i open task manager it sometimes has a window pop up named debug and it says "TASKMGR FOUND" and then it says something like "DISBANDON" or "EXECUTE" (i cant fully remember what one" Also when i start up my pc sometimes this app called divine starts up. Also sometimes i start my pc up and it opens Nephron a bunch of times until it starts to slow down my computer and i have to restart it. Its been very obvious my pc has been effected by something and i dont want to lose everything all over again Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 7, 2017 Root Admin ID:1106829 Share Posted March 7, 2017 Please download Malwarebytes Anti-Rootkit from HERE If needed there is a self help tutorial here: MBAR tutorial Unzip the contents to a folder in a convenient location. Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt Link to post Share on other sites More sharing options...
Cameron Posted March 7, 2017 Author ID:1107011 Share Posted March 7, 2017 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17801 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.592000 GHz Memory total: 17128693760, free: 14370258944 Initializing... ====================== Driver version: 0.3.0.4 ------------ Kernel report ------------ 03/07/2017 16:55:40 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\system32\DRIVERS\bcmwl63a.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\nvvhci.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\system32\drivers\DellProf.sys \SystemRoot\system32\drivers\DDDriver64Dcsa.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\ElgatoVAD.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\drivers\bcbtums.sys \SystemRoot\system32\DRIVERS\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\RtsUStor.sys \SystemRoot\System32\Drivers\ElgatoGC658.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\BthLEEnum.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\System32\drivers\rdpdr.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! Scan started Database versions: main: v2014.11.18.05 rootkit: v2014.11.12.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe001243fa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001243fab20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001243fa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe00122264e50, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe00122264320, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe00123014060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: D46372E2 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1253349096 GPT Header CurrentLba = 1 BackupLba 3907029167 GPT Header FirstUsableLba 34 LastUsableLba 3907029134 GPT Header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1253349096 Backup GPT header CurrentLba = 3907029167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134 Backup GPT header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 Backup GPT header Contains 128 partition entries starting at LBA 3907029135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e6e9030e-9c79-4707-9c36-4447a6186687 FirstLBA 2048 Last LBA 1026047 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965 Partition ID 760bdb64-326a-4ca4-b7fb-9136cffcbc5 FirstLBA 1026048 Last LBA 1107967 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 6aaae8ca-d2ee-4550-bdf2-5cd36c726c14 FirstLBA 1107968 Last LBA 1370111 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID c5beba18-18c0-4437-80da-76744d3a1ade FirstLBA 1370112 Last LBA 5564415 Attributes 1 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4115a6a0-3b2a-47fe-92b6-40d0b784ed6 FirstLBA 5564416 Last LBA 3888126160 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f5eac68b-6523-4462-8ef4-835d612face6 FirstLBA 3888128000 Last LBA 3889063935 Attributes 1 Partition Name Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 9a0c2ef5-af11-4b78-9e43-e5ebfaaae32 FirstLBA 3889063936 Last LBA 3907027119 Attributes 1 Partition Name Microsoft recovery partition Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe00128027770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe00128026040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe00128027770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe0012802b660, DeviceName: \Device\00000048\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 83C4E412 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1000 Numsec = 31947800 Partition is not bootable Partition file system is FAT32 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 16357785600 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffe001281e0770, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001281de040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001281e0770, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001281e8630, DeviceName: \Device\00000059\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffe001281de770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001281b6040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001281de770, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001281e7ac0, DeviceName: \Device\0000005a\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffe001281b6770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001281ddb20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001281b6770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001281e6ac0, DeviceName: \Device\0000005b\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xffffe001281b5060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001281b5b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001281b5060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001281e5ac0, DeviceName: \Device\0000005c\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) File "C:\Windows\System32\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) Infected: C:\Users\john\AppData\Roaming\sound.exe --> [Trojan.Agent] Infected: C:\ProgramData\Intel.exe --> [Trojan.Agent] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\blindman.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFiles.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMain.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWinSec.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger --> [Hijack.Security] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger --> [Hijack.Security] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\blindman.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFiles.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMain.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWinSec.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger --> [Hijack.Security] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger --> [Security.Hijack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger --> [Hijack.Security] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17801 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.592000 GHz Memory total: 17128693760, free: 15224377344 ======================================= Initializing... Driver version: 0.3.0.4 ------------ Kernel report ------------ 03/07/2017 17:12:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\system32\DRIVERS\bcmwl63a.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\nvvhci.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\system32\drivers\DellProf.sys \SystemRoot\system32\drivers\DDDriver64Dcsa.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\ElgatoVAD.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\bcbtums.sys \SystemRoot\system32\DRIVERS\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\RtsUStor.sys \SystemRoot\System32\Drivers\ElgatoGC658.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\BthLEEnum.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\System32\drivers\rdpdr.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! Scan started Database versions: main: v2014.11.18.05 rootkit: v2014.11.12.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe001c55f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c55f8b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c55f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c420ca10, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001c34662d0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001c420c060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: D46372E2 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1253349096 GPT Header CurrentLba = 1 BackupLba 3907029167 GPT Header FirstUsableLba 34 LastUsableLba 3907029134 GPT Header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1253349096 Backup GPT header CurrentLba = 3907029167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134 Backup GPT header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 Backup GPT header Contains 128 partition entries starting at LBA 3907029135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e6e9030e-9c79-4707-9c36-4447a6186687 FirstLBA 2048 Last LBA 1026047 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965 Partition ID 760bdb64-326a-4ca4-b7fb-9136cffcbc5 FirstLBA 1026048 Last LBA 1107967 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 6aaae8ca-d2ee-4550-bdf2-5cd36c726c14 FirstLBA 1107968 Last LBA 1370111 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID c5beba18-18c0-4437-80da-76744d3a1ade FirstLBA 1370112 Last LBA 5564415 Attributes 1 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4115a6a0-3b2a-47fe-92b6-40d0b784ed6 FirstLBA 5564416 Last LBA 3888126160 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f5eac68b-6523-4462-8ef4-835d612face6 FirstLBA 3888128000 Last LBA 3889063935 Attributes 1 Partition Name Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 9a0c2ef5-af11-4b78-9e43-e5ebfaaae32 FirstLBA 3889063936 Last LBA 3907027119 Attributes 1 Partition Name Microsoft recovery partition Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffe001c9a36770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a355b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a36770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a1e060, DeviceName: \Device\00000059\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffe001c9a33060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a63040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a33060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a11060, DeviceName: \Device\0000005a\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffe001c9a5c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a31040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a5c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a66060, DeviceName: \Device\0000005b\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffe001c9a63770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a33b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a63770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a65060, DeviceName: \Device\0000005c\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 5, DevicePointer: 0xffffe001c9a64770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a1bb20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a64770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a2db10, DeviceName: \Device\0000005d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: 83C4E412 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1000 Numsec = 31947800 Partition is not bootable Partition file system is FAT32 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 16357785600 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) File "C:\Windows\System32\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) Scan Interrupted Scan was aborted. ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-1000-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17801 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.592000 GHz Memory total: 17128693760, free: 13899030528 Downloaded database version: v2017.03.07.08 Downloaded database version: v2017.02.27.01 Downloaded database version: v2017.03.05.01 Initializing... ====================== Driver version: 0.3.0.4 ------------ Kernel report ------------ 03/07/2017 17:27:18 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\system32\DRIVERS\bcmwl63a.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\nvvhci.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\system32\drivers\DellProf.sys \SystemRoot\system32\drivers\DDDriver64Dcsa.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\ElgatoVAD.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\bcbtums.sys \SystemRoot\system32\DRIVERS\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\RtsUStor.sys \SystemRoot\System32\Drivers\ElgatoGC658.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\BthLEEnum.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\System32\drivers\rdpdr.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! Scan started Database versions: main: v2017.03.07.08 rootkit: v2017.02.27.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe001c55f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c55f8b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c55f8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c420ca10, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001c34662d0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe001c420c060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: D46372E2 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1253349096 GPT Header CurrentLba = 1 BackupLba 3907029167 GPT Header FirstUsableLba 34 LastUsableLba 3907029134 GPT Header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1253349096 Backup GPT header CurrentLba = 3907029167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134 Backup GPT header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 Backup GPT header Contains 128 partition entries starting at LBA 3907029135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e6e9030e-9c79-4707-9c36-4447a6186687 FirstLBA 2048 Last LBA 1026047 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965 Partition ID 760bdb64-326a-4ca4-b7fb-9136cffcbc5 FirstLBA 1026048 Last LBA 1107967 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 6aaae8ca-d2ee-4550-bdf2-5cd36c726c14 FirstLBA 1107968 Last LBA 1370111 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID c5beba18-18c0-4437-80da-76744d3a1ade FirstLBA 1370112 Last LBA 5564415 Attributes 1 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4115a6a0-3b2a-47fe-92b6-40d0b784ed6 FirstLBA 5564416 Last LBA 3888126160 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f5eac68b-6523-4462-8ef4-835d612face6 FirstLBA 3888128000 Last LBA 3889063935 Attributes 1 Partition Name Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 9a0c2ef5-af11-4b78-9e43-e5ebfaaae32 FirstLBA 3889063936 Last LBA 3907027119 Attributes 1 Partition Name Microsoft recovery partition Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffe001c9a36770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a355b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a36770, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a1e060, DeviceName: \Device\00000059\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffe001c9a33060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a63040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a33060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a11060, DeviceName: \Device\0000005a\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffe001c9a5c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a31040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a5c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a66060, DeviceName: \Device\0000005b\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffe001c9a63770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a33b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a63770, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a65060, DeviceName: \Device\0000005c\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 5, DevicePointer: 0xffffe001c9a64770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe001c9a1bb20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe001c9a64770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xffffe001c9a2db10, DeviceName: \Device\0000005d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: 83C4E412 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1000 Numsec = 31947800 Partition is not bootable Partition file system is FAT32 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 16357785600 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{0E22831C-8140-4202-85BB-971BF59B9032}\dllhost.exe --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{14F6226D-EAD3-48BE-8758-CC66C420DEEC}\wscript.exe --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{1951F1EF-81A9-44D7-9CBB-ED95D466826E}\taskmgr.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{1EBA1F3B-608D-4E03-9B76-368E4CCA8FEF}\System.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{3C8A6C35-339C-40F7-B346-AB860F620130}\WerFault.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{5F2E058F-4549-45B8-A018-CB77CD51581E}\svchost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{60328A11-EFB4-42DB-B200-AB7CCBAB1B11}\mstask.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{665B9AB5-BFE5-47E3-A6B1-CA52730F7E4C}\config.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{69EF324B-E2B8-4494-8C8D-B5D9A75903F8}\taskeng.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{6F53C0DC-126B-4AF5-B091-55A3EBE1A500}\services.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{7985E70C-704D-431E-B4FB-CA28BD94607A}\winlogon.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{8BC9F6E2-1E1E-435E-A589-F74C7B5437D3}\Skype.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{8F116B90-A6EC-452A-BF93-894F3FC6D242}\Java.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{98267415-F78E-4F87-A50B-9244C83DF68F}\svchost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{A4728E95-11B8-42C3-A4EE-28C683968F66}\taskmgr.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{A479B548-8D3D-408C-BDB5-9C1C8718D7C2}\taskhost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{ABAC5B4C-95E4-4DCF-ADC3-B03AC02CF965}\explorer.exe --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE --> [Backdoor.Zyklon] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{ACDCB7E6-48D2-46AE-B929-7C7C6959D824}\dllhost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{B1010CA3-EEBB-4639-A293-1B0D6EB8014C}\csrss.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{BEB3331A-9254-4CD7-8626-E25766FD7E4D}\explorer.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{D0034287-8B42-4BF6-83C7-4ACA348B9C81}\cleanmgr.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{3DDC4472-1299-42B4-B966-A95CF7EB7E78}\taskmgr.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{4926130E-F605-47FD-BD2E-C314FFC6EB82}\svchost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{53C4BB8B-A822-4FF5-977C-466764970432}\System.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{5AAB9970-38A3-47FE-BA5A-3D294B16DCDF}\wscript.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{5D1B8451-E52D-40D9-89F9-69154EE0AC8D}\Skype.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{DCA3773E-8F62-49DD-89E6-BBE1B6BE8591}\explorer.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{DD347ACA-B3A7-4F54-80C6-85A90DB5C32B}\svchost.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{F77B9D3C-834E-4272-8747-7A8C62FD72B7}\explorer.exe --> [Backdoor.Zyklon] Infected: C:\Users\john\AppData\Local\Microsoft\Windows\{F80B868E-A06A-4AD9-B1B7-A8926FC0CCB5}\svchost.exe --> [Backdoor.Zyklon] File "C:\Windows\System32\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) Infected: C:\Users\john\AppData\Local\Temp\58698.exe --> [RiskWare.BitCoinMiner] Infected: C:\Users\john\AppData\Local\Temp\xm.exe --> [RiskWare.BitCoinMiner] Infected: C:\Users\john\AppData\Local\Temp\14946.exe --> [RiskWare.BitCoinMiner] File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE1" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VF" is compressed (flags = 1) Infected: C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\minerd.exe --> [RiskWare.BitCoinMiner] Infected: HKU\S-1-5-21-918212172-721134584-3793019280-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|javasched --> [Trojan.Agent.TPL] Infected: C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\Slideshows\SlideshowService.exe --> [Trojan.Agent.TPL] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17801 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.592000 GHz Memory total: 17128693760, free: 15350673408 Initializing... ====================== Driver version: 0.3.0.4 ------------ Kernel report ------------ 03/07/2017 17:44:53 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\system32\DRIVERS\bcmwl63a.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\nvvhci.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\system32\drivers\DellProf.sys \SystemRoot\system32\drivers\DDDriver64Dcsa.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\ElgatoVAD.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\Drivers\RtsUStor.sys \SystemRoot\System32\Drivers\ElgatoGC658.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\system32\drivers\bcbtums.sys \SystemRoot\system32\DRIVERS\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\BthLEEnum.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\System32\drivers\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \SystemRoot\System32\drivers\rdpdr.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! Scan started Database versions: main: v2017.03.07.08 rootkit: v2017.02.27.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe000cbfd8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000cbfd8b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cbfd8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000c9e67a60, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe000ca331e50, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe000ca3f3220, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: D46372E2 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1253349096 GPT Header CurrentLba = 1 BackupLba 3907029167 GPT Header FirstUsableLba 34 LastUsableLba 3907029134 GPT Header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1253349096 Backup GPT header CurrentLba = 3907029167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134 Backup GPT header Guid e582b68-863f-4c74-a2bc-dedd4373dbf5 Backup GPT header Contains 128 partition entries starting at LBA 3907029135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e6e9030e-9c79-4707-9c36-4447a6186687 FirstLBA 2048 Last LBA 1026047 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965 Partition ID 760bdb64-326a-4ca4-b7fb-9136cffcbc5 FirstLBA 1026048 Last LBA 1107967 Attributes 1 Partition Name Basic data partition Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 6aaae8ca-d2ee-4550-bdf2-5cd36c726c14 FirstLBA 1107968 Last LBA 1370111 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID c5beba18-18c0-4437-80da-76744d3a1ade FirstLBA 1370112 Last LBA 5564415 Attributes 1 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 4115a6a0-3b2a-47fe-92b6-40d0b784ed6 FirstLBA 5564416 Last LBA 3888126160 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f5eac68b-6523-4462-8ef4-835d612face6 FirstLBA 3888128000 Last LBA 3889063935 Attributes 1 Partition Name Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 9a0c2ef5-af11-4b78-9e43-e5ebfaaae32 FirstLBA 3889063936 Last LBA 3907027119 Attributes 1 Partition Name Microsoft recovery partition Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffe000cf68b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000cf68bb20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cf68b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000cf657ac0, DeviceName: \Device\0000005c\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffe000cf682060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000c9e66b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cf682060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000cf657520, DeviceName: \Device\0000005d\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffe000cf6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000cf68e040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cf6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000cf690060, DeviceName: \Device\0000005e\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffe000cf68a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000cf682b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cf68a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000cf68f060, DeviceName: \Device\0000005f\, DriverName: \Driver\RSUSBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 5, DevicePointer: 0xffffe000cf6ab770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe000cf6af040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe000cf6ab770, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xffffe000cf6b8b10, DeviceName: \Device\00000060\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: 83C4E412 Partition information: Partition 0 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1000 Numsec = 31947800 Partition is not bootable Partition file system is FAT32 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 16357785600 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\COMPOSITEBUS.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\BthHFSrv.dll" is compressed (flags = 1) File "C:\Windows\System32\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\CIRCoInst.dll" is compressed (flags = 1) File "C:\Windows\System32\fsquirt.exe" is compressed (flags = 1) File "C:\Windows\System32\hidusb.sys" is compressed (flags = 1) File "C:\Windows\System32\iscsilog.dll" is compressed (flags = 1) File "C:\Windows\System32\streamci.dll" is compressed (flags = 1) File "C:\Windows\System32\SysFxUI.dll" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE0" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VE1" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8A294A78ACC58A4AB3877B3CCA3FC1FCC7E8A76D.bin.VF" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-1000-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam... Removal finished Link to post Share on other sites More sharing options...
Cameron Posted March 7, 2017 Author ID:1107014 Share Posted March 7, 2017 I ran this software 4 different times and 4 different scans each had given different results, First time it found 80 and i cleaned that, restarted and scanned again, found 40 threats i cleaned it then after it restarted i did it a third time, 37 threats were found and i cleaned it and restarted it, the final time it says 0 threats were found (sorry for the extra work though) Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2014.11.18.05 rootkit: v2014.11.12.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17801 john :: CAMERON [administrator] 2017-03-07 4:55:47 PM mbar-log-2017-03-07 (16-55-47).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 324360 Time elapsed: 11 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 64 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot. [74c9ac9165174aec4d65e809e61dcb35] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Security.Hijack) -> Delete on reboot. [53ea0a33ccb06bcb4372a74a7d86de22] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Security.Hijack) -> Delete on reboot. [56e7da63582466d07e4971808083768a] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Security.Hijack) -> Delete on reboot. [76c70934c6b60333399720d10ef59070] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Security.Hijack) -> Delete on reboot. [62db34096616ce68636f1ed32bd8c937] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot. [90adc974a5d7fe38efecfcf54fb4966a] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Security.Hijack) -> Delete on reboot. [6ecf0f2e8bf1fd39e7f5737e9d66b947] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Security.Hijack) -> Delete on reboot. [3b029aa3473590a61cc6e1104db6c33d] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe (Security.Hijack) -> Delete on reboot. [231ad865bbc139fd36d67a78758ebd43] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\blindman.exe (Security.Hijack) -> Delete on reboot. [221ba39a4d2f72c4d7c38dc51fe4827e] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot. [3409132a275543f3a5d2e8b0f50fdf21] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot. [60dda796f7851e1807b0b43e47bcf010] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot. [d766a79623596fc7decbac472dd6b64a] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot. [9aa3de5fde9ef442da9cdeba01037f81] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot. [023bd36aaece23133e46b93bdb28c23e] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Security.Hijack) -> Delete on reboot. [c578fb42a7d5e94d9c38c5d936cd8779] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Security.Hijack) -> Delete on reboot. [83ba83ba57252b0b4aabfba6a65eeb15] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Security.Hijack) -> Delete on reboot. [0e2fae8fc8b45adc572f740125dec53b] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Security.Hijack) -> Delete on reboot. [ea53f5487309c0763b4a2cc851b2ec14] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot. [4fee0d30bcc0ab8bba072ec6bd46d030] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot. [73ca8bb24a32d26413c021d35fa412ee] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [a8950f2e116bd2647a6ccf25778c619f] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot. [ac911b22aece74c29b514ea621e2fb05] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot. [f647df5eb0cc96a00e62bd3909fa1be5] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFiles.exe (Security.Hijack) -> Delete on reboot. [d46974c990eca78f53791b4628db946c] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMain.exe (Security.Hijack) -> Delete on reboot. [a29ba598b9c38ea8f2dbd28f32d1c43c] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWinSec.exe (Security.Hijack) -> Delete on reboot. [46f787b690ec8fa7d0fe2839fa0915eb] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot. [d96470cd2f4d191dc19f97df52b234cc] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot. [a09d3eff7ffd7abccaaed8c0848056aa] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot. [112ca59864181422f251d2269e65dc24] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE (Security.Hijack) -> Delete on reboot. [72cbf14c522a290de8c6ed04778c6b95] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot. [231ad36a473572c49a64a94856ad916f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe (Security.Hijack) -> Delete on reboot. [b38a310cf08c979fecc6cc25c53ef20e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe (Security.Hijack) -> Delete on reboot. [8bb2bb82512b59ddf8bdfaf7a95afd03] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe (Security.Hijack) -> Delete on reboot. [0a338eaf8cf0a5919037aa470cf76d93] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe (Security.Hijack) -> Delete on reboot. [ce6f9e9fa1db3df9c10f8c65b54ee020] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe (Security.Hijack) -> Delete on reboot. [b28bbd80e59764d230a2e70a5ea52dd3] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe (Security.Hijack) -> Delete on reboot. [182555e8730963d312c9ad44f2115aa6] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe (Security.Hijack) -> Delete on reboot. [330a8db0ceae0e28409c16db2cd7da26] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe (Security.Hijack) -> Delete on reboot. [261707365527290d687a04ed7a8935cb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe (Security.Hijack) -> Delete on reboot. [c776a598bbc16bcbef1db73b60a31de3] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\blindman.exe (Security.Hijack) -> Delete on reboot. [f5486dd0fd7ffa3c504afd5556adae52] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe (Security.Hijack) -> Delete on reboot. [df5e0d3084f847ef0b6c2a6ec341c23e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe (Security.Hijack) -> Delete on reboot. [b08d94a9bbc12d09dfd8fcf6917223dd] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe (Security.Hijack) -> Delete on reboot. [8eaf2419e993cd693c6d42b13ec5d22e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe (Security.Hijack) -> Delete on reboot. [c5789aa3a5d71125accacfc9719349b7] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe (Security.Hijack) -> Delete on reboot. [d56857e682faba7cfa8a9064689bcb35] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe (Security.Hijack) -> Delete on reboot. [3b02ac91b0cc2e08ffd57c227390f010] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe (Security.Hijack) -> Delete on reboot. [bc8149f4ccb0b18514e1346d61a38a76] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe (Security.Hijack) -> Delete on reboot. [e85595a829530e2892f4cbaacb38768a] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe (Security.Hijack) -> Delete on reboot. [132a3a031666fd39daab8c68a65d857b] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe (Security.Hijack) -> Delete on reboot. [e5583d002a52c67020a1698bc43f8d73] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe (Security.Hijack) -> Delete on reboot. [b4898db0384456e0ffd44da755aea65a] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [53eac27b6d0f4de9db0bd61ee41fd32d] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe (Security.Hijack) -> Delete on reboot. [49f450ede9938baba349dd1704ff7c84] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe (Security.Hijack) -> Delete on reboot. [122b42fb186486b0b0c094620ff45aa6] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFiles.exe (Security.Hijack) -> Delete on reboot. [1924073691ebc76f517b11505ba81ae6] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMain.exe (Security.Hijack) -> Delete on reboot. [de5fae8fb5c72d09329bbda40ef547b9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWinSec.exe (Security.Hijack) -> Delete on reboot. [3508a19cf9839b9b7a54372a0201cf31] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe (Security.Hijack) -> Delete on reboot. [132afd409ae2e452afb16e08f21247b9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe (Security.Hijack) -> Delete on reboot. [a09d7dc0c1bbb2842c4c5b3d35cf43bd] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe (Security.Hijack) -> Delete on reboot. [64d95de0ef8d96a083c0b5435fa42cd4] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE (Security.Hijack) -> Delete on reboot. [69d4fd40dd9ff640c2ecab46927145bb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Delete on reboot. [63dafc41e29a3df9d82634bd09fae31d] Registry Values Detected: 14 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [72cbf14c522a290de8c6ed04778c6b95] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [c07d75c8bebee94d832da948e1223dc3] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [320be7568cf021159d9c6a0531d2a35d] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [231ad36a473572c49a64a94856ad916f] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [320b42fb80fcb1858ca742b06b98cc34] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [94a9a09d5923181e46cfa84b946f44bc] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [1c21a697324aa98d97a386e9f11256aa] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [69d4fd40dd9ff640c2ecab46927145bb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [f8452b125626b1856d439c55be45bf41] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [80bd3d007b0134021029125de91aa957] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [63dafc41e29a3df9d82634bd09fae31d] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [44f989b44b31a3935bd8cd253dc649b7] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger (Security.Hijack) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [221bfb428def4aec48cd0ae921e227d9] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger (Hijack.Security) -> Data: C:\Windows\System32\svchost.exe -> Delete on reboot. [46f79ca17309cd692119adc261a249b7] Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\john\AppData\Roaming\sound.exe (Trojan.Agent) -> Delete on reboot. [2716ca73bdbf50e62ebdfca90bf89769] C:\ProgramData\Intel.exe (Trojan.Agent) -> Delete on reboot. [b489cc71adcf57df1b9ac1c160a4669a] Physical Sectors Detected: 0 (No malicious items detected) (end) that was the first time i ran this 2nd time running it Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2014.11.18.05 rootkit: v2014.11.12.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17801 john :: CAMERON [administrator] 2017-03-07 5:12:30 PM mbar-log-2017-03-07 (17-12-30).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 319600 Time elapsed: 13 minute(s), 43 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) the third time running it Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.07.08 rootkit: v2017.02.27.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17801 john :: CAMERON [administrator] 2017-03-07 5:27:24 PM mbar-log-2017-03-07 (17-27-24).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 298190 Time elapsed: 11 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE (Backdoor.Zyklon) -> Delete on reboot. [ec489631a3055fd7a5e7cbf105fb9769] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE (Backdoor.Zyklon) -> Delete on reboot. [ec489631a3055fd7a5e7cbf105fb9769] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE (Backdoor.Zyklon) -> Delete on reboot. [4be97255c3e59c9ac8c4506c19e7b947] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WSCRIPT.EXE (Backdoor.Zyklon) -> Delete on reboot. [4be97255c3e59c9ac8c4506c19e7b947] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE (Backdoor.Zyklon) -> Delete on reboot. [e74de1e6c5e387af0884259757a90ef2] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE (Backdoor.Zyklon) -> Delete on reboot. [e74de1e6c5e387af0884259757a90ef2] Registry Values Detected: 1 HKU\S-1-5-21-918212172-721134584-3793019280-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|javasched (Trojan.Agent.TPL) -> Data: C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\Slideshows\SlideshowService.exe -> Delete on reboot. [f341e0e72e7a999d21a13b8102fe9967] Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 35 C:\Users\john\AppData\Local\Microsoft\Windows\{0E22831C-8140-4202-85BB-971BF59B9032}\dllhost.exe (Backdoor.Zyklon) -> Delete on reboot. [ec489631a3055fd7a5e7cbf105fb9769] C:\Users\john\AppData\Local\Microsoft\Windows\{14F6226D-EAD3-48BE-8758-CC66C420DEEC}\wscript.exe (Backdoor.Zyklon) -> Delete on reboot. [4be97255c3e59c9ac8c4506c19e7b947] C:\Users\john\AppData\Local\Microsoft\Windows\{1951F1EF-81A9-44D7-9CBB-ED95D466826E}\taskmgr.exe (Backdoor.Zyklon) -> Delete on reboot. [a1932b9cdccc1a1c0c731f933ac60000] C:\Users\john\AppData\Local\Microsoft\Windows\{1EBA1F3B-608D-4E03-9B76-368E4CCA8FEF}\System.exe (Backdoor.Zyklon) -> Delete on reboot. [61d37d4aeabe3bfb5a32e8d458a86c94] C:\Users\john\AppData\Local\Microsoft\Windows\{3C8A6C35-339C-40F7-B346-AB860F620130}\WerFault.exe (Backdoor.Zyklon) -> Delete on reboot. [5ed6a5226543ba7ceaa24d6f748cc13f] C:\Users\john\AppData\Local\Microsoft\Windows\{5F2E058F-4549-45B8-A018-CB77CD51581E}\svchost.exe (Backdoor.Zyklon) -> Delete on reboot. [a68e794e4761de58a6e610ac837d54ac] C:\Users\john\AppData\Local\Microsoft\Windows\{60328A11-EFB4-42DB-B200-AB7CCBAB1B11}\mstask.exe (Backdoor.Zyklon) -> Delete on reboot. [ff3519ae396f75c11973992380801ee2] C:\Users\john\AppData\Local\Microsoft\Windows\{665B9AB5-BFE5-47E3-A6B1-CA52730F7E4C}\config.exe (Backdoor.Zyklon) -> Delete on reboot. [a88c5671b4f40333156ad8daa759956b] C:\Users\john\AppData\Local\Microsoft\Windows\{69EF324B-E2B8-4494-8C8D-B5D9A75903F8}\taskeng.exe (Backdoor.Zyklon) -> Delete on reboot. [fb391cab5d4b54e285073d7f000057a9] C:\Users\john\AppData\Local\Microsoft\Windows\{6F53C0DC-126B-4AF5-B091-55A3EBE1A500}\services.exe (Backdoor.Zyklon) -> Delete on reboot. [c56f45821197b086cac2a21a49b7d52b] C:\Users\john\AppData\Local\Microsoft\Windows\{7985E70C-704D-431E-B4FB-CA28BD94607A}\winlogon.exe (Backdoor.Zyklon) -> Delete on reboot. [2a0a8047377195a1018b0bb1aa56649c] C:\Users\john\AppData\Local\Microsoft\Windows\{8BC9F6E2-1E1E-435E-A589-F74C7B5437D3}\Skype.exe (Backdoor.Zyklon) -> Delete on reboot. [9c989f28693fef474e31c7ebaf517e82] C:\Users\john\AppData\Local\Microsoft\Windows\{8F116B90-A6EC-452A-BF93-894F3FC6D242}\Java.exe (Backdoor.Zyklon) -> Delete on reboot. [46eebb0c10983ff7127a3c80ca36af51] C:\Users\john\AppData\Local\Microsoft\Windows\{98267415-F78E-4F87-A50B-9244C83DF68F}\svchost.exe (Backdoor.Zyklon) -> Delete on reboot. [38fc00c7c7e1c57108847943b44c5da3] C:\Users\john\AppData\Local\Microsoft\Windows\{A4728E95-11B8-42C3-A4EE-28C683968F66}\taskmgr.exe (Backdoor.Zyklon) -> Delete on reboot. [1d17e9debbedbf77ace0ccf0926ef30d] C:\Users\john\AppData\Local\Microsoft\Windows\{A479B548-8D3D-408C-BDB5-9C1C8718D7C2}\taskhost.exe (Backdoor.Zyklon) -> Delete on reboot. [9a9a5a6d594f91a5b9c60da5817f0ef2] C:\Users\john\AppData\Local\Microsoft\Windows\{ABAC5B4C-95E4-4DCF-ADC3-B03AC02CF965}\explorer.exe (Backdoor.Zyklon) -> Delete on reboot. [e74de1e6c5e387af0884259757a90ef2] C:\Users\john\AppData\Local\Microsoft\Windows\{ACDCB7E6-48D2-46AE-B929-7C7C6959D824}\dllhost.exe (Backdoor.Zyklon) -> Delete on reboot. [c37109be901867cf5636526aa858e31d] C:\Users\john\AppData\Local\Microsoft\Windows\{B1010CA3-EEBB-4639-A293-1B0D6EB8014C}\csrss.exe (Backdoor.Zyklon) -> Delete on reboot. [270d923568405adca3e9fac2f90755ab] C:\Users\john\AppData\Local\Microsoft\Windows\{BEB3331A-9254-4CD7-8626-E25766FD7E4D}\explorer.exe (Backdoor.Zyklon) -> Delete on reboot. [4be94186d1d773c37b118a32c23ed030] C:\Users\john\AppData\Local\Microsoft\Windows\{D0034287-8B42-4BF6-83C7-4ACA348B9C81}\cleanmgr.exe (Backdoor.Zyklon) -> Delete on reboot. [161e1daa9513ff37dfad2894758b28d8] C:\Users\john\AppData\Local\Microsoft\Windows\{3DDC4472-1299-42B4-B966-A95CF7EB7E78}\taskmgr.exe (Backdoor.Zyklon) -> Delete on reboot. [3df73097aff94cea9af20ab257a99769] C:\Users\john\AppData\Local\Microsoft\Windows\{4926130E-F605-47FD-BD2E-C314FFC6EB82}\svchost.exe (Backdoor.Zyklon) -> Delete on reboot. [5fd5d8efc2e6c76fd0bcdae2aa56fc04] C:\Users\john\AppData\Local\Microsoft\Windows\{53C4BB8B-A822-4FF5-977C-466764970432}\System.exe (Backdoor.Zyklon) -> Delete on reboot. [3103794ed3d549ed4e3ee6d6c8387987] C:\Users\john\AppData\Local\Microsoft\Windows\{5AAB9970-38A3-47FE-BA5A-3D294B16DCDF}\wscript.exe (Backdoor.Zyklon) -> Delete on reboot. [df55497eaff92d091478ccf0f30dba46] C:\Users\john\AppData\Local\Microsoft\Windows\{5D1B8451-E52D-40D9-89F9-69154EE0AC8D}\Skype.exe (Backdoor.Zyklon) -> Delete on reboot. [5adae0e7654314227e01ecc620e0847c] C:\Users\john\AppData\Local\Microsoft\Windows\{DCA3773E-8F62-49DD-89E6-BBE1B6BE8591}\explorer.exe (Backdoor.Zyklon) -> Delete on reboot. [fc383097e4c458de94f84379827eed13] C:\Users\john\AppData\Local\Microsoft\Windows\{DD347ACA-B3A7-4F54-80C6-85A90DB5C32B}\svchost.exe (Backdoor.Zyklon) -> Delete on reboot. [ca6ab2152f7922143f4dcdeff30d03fd] C:\Users\john\AppData\Local\Microsoft\Windows\{F77B9D3C-834E-4272-8747-7A8C62FD72B7}\explorer.exe (Backdoor.Zyklon) -> Delete on reboot. [58dc1bacf1b735015e2ee0dca65a20e0] C:\Users\john\AppData\Local\Microsoft\Windows\{F80B868E-A06A-4AD9-B1B7-A8926FC0CCB5}\svchost.exe (Backdoor.Zyklon) -> Delete on reboot. [c76d06c1c2e655e1721a2a92ca366b95] C:\Users\john\AppData\Local\Temp\58698.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [35ff4a7db5f342f4313fa02b1be63cc4] C:\Users\john\AppData\Local\Temp\xm.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [e054d5f22d7b9c9af47cd3f8cc355ba5] C:\Users\john\AppData\Local\Temp\14946.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [5fd52b9c5a4e56e07df3b5165fa22cd4] C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\minerd.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [b2822d9a58507db90abdedd77f81a25e] C:\Users\john\AppData\Roaming\Microsoft\Windows\Templates\Slideshows\SlideshowService.exe (Trojan.Agent.TPL) -> Delete on reboot. [f341e0e72e7a999d21a13b8102fe9967] Physical Sectors Detected: 0 (No malicious items detected) (end) the final time i ran it it detected nothing Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.07.08 rootkit: v2017.02.27.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17801 john :: CAMERON [administrator] 2017-03-07 5:45:14 PM mbar-log-2017-03-07 (17-45-14).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 297684 Time elapsed: 16 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) i ran it a total of 4 times and 3 of the times it found 80 then i cleaned it, then 40 then i cleaned it, then 30 and i cleaned it, it now says 0 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 8, 2017 Root Admin ID:1107065 Share Posted March 8, 2017 Great, that's good. Let's run some other scans, but please do not copy/paste. Please ATTACH your logs. Please restart the computer first and then run the following steps and post back the logs when ready.STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop. Right-click on icon and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now. After reboot, logfile will be opened. Copy its content into your next reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Link to post Share on other sites More sharing options...
Cameron Posted March 8, 2017 Author ID:1107151 Share Posted March 8, 2017 Every time i restart it opens up Reverse.exe - Application Error The application was unable to start correctly (0xc0000005) Click OK to close the application. Link to post Share on other sites More sharing options...
Cameron Posted March 8, 2017 Author ID:1107152 Share Posted March 8, 2017 Its almost impossible to scan because it wont stop opening Link to post Share on other sites More sharing options...
Cameron Posted March 8, 2017 Author ID:1107172 Share Posted March 8, 2017 It couldnt clean the Troj/Ransom-AIB Link to post Share on other sites More sharing options...
Cameron Posted March 8, 2017 Author ID:1107176 Share Posted March 8, 2017 SophosVirusRemovalTool.log FRST.txt Addition.txt JRT.txt Link to post Share on other sites More sharing options...
Cameron Posted March 8, 2017 Author ID:1107179 Share Posted March 8, 2017 AdwCleaner[C0].txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 9, 2017 Root Admin ID:1107231 Share Posted March 9, 2017 Okay, please run the following Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Link to post Share on other sites More sharing options...
Cameron Posted March 9, 2017 Author ID:1107255 Share Posted March 9, 2017 Fixlog.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 10, 2017 Root Admin ID:1107471 Share Posted March 10, 2017 Please Run TFC by OldTimer to clear temporary files: Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Next, Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in. Internet ExplorerHow to reset Internet Explorer settings Firefox Click on Help / Troubleshooting Information then click on the Reset Firefox button. Chrome I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome. You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed. Then I need you to go to >> Google Sync << and sign into your account. Scroll down until you see the “reset sync” button and click on the button At the prompt click on “Ok”. .Reset Your Browser Settings . In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines) Select “Settings”. At the bottom, click “Show advanced settings…” Scroll down until you see “Reset settings”, Then click on the button “Reset Settings”. In the dialog that appears, click “Reset”. .Close Chrome and restart it and check it out for me please Link to post Share on other sites More sharing options...
Cameron Posted March 12, 2017 Author ID:1107908 Share Posted March 12, 2017 Hey i ran into an issue now, one of these apps changed my ip address and i have purchased things that i cant change that ip on, Basically if i dont fix my ip its going to never let me use them until i reset it back, anyway of fixing this problem? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 13, 2017 Root Admin ID:1108145 Share Posted March 13, 2017 You would need to talk with your ISP if it's your Public IP as almost all of those are Dynamic and change. If you mean the local IP of your own router, yes you can set it to manual and pick that IP. What is the IP? Link to post Share on other sites More sharing options...
Cameron Posted April 8, 2017 Author ID:1115958 Share Posted April 8, 2017 After about a month i ran into a similar issue again. Nearly everytime my pc starts up it is very slow to the point that if i click something it takes nearly a minute to load, my mouse moves very slow and everything is choppy also whenever i shutdown or restart it says "this app is preventing you from shutting down" occasionally it starts up normal speed and all im not entirely sure whats going on anymore Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 9, 2017 Root Admin ID:1116165 Share Posted April 9, 2017 Please run the following. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ Post back the logs when ready. Ron Link to post Share on other sites More sharing options...
Cameron Posted April 12, 2017 Author ID:1116765 Share Posted April 12, 2017 Ok here is what i got (5 things found) mbar-log-2017-04-11 (20-53-46).txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 12, 2017 Root Admin ID:1116768 Share Posted April 12, 2017 Let me have you run the following again then. Please restart the computer first and then run the following steps and post back the logs when ready.STEP 01 Please download Junkware Removal Tool to your desktop. Shutdown your antivirus to avoid any conflicts. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP. The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next reply message When completed make sure to re-enable your antivirus STEP 02 Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop. Right-click on icon and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now. After reboot, logfile will be opened. Copy its content into your next reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner STEP 03 Download Sophos Free Virus Removal Tool and save it to your desktop. Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View Log file (bottom left-hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found, please confirm that result. STEP 04 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Link to post Share on other sites More sharing options...
Recommended Posts