Author Topic: File Type Question  (Read 19712 times)

0 Members and 1 Guest are viewing this topic.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
File Type Question
« on: January 24, 2017, 03:12:47 PM »
Yesterday, this problem started on my Windows 10 system.  I would go to open a Word document (which for some odd reason did not show the normal Word logo) and would get a box popup asking what program to use to open the file.  When I looked close at the name of the
"document" it ended with "OSIRIS.File."  What kind of file is this.  Several of the Word documents I use on a daily basis have been changed to this.  I don't understand what is going on.  I did do a search on this forum and nothing came up.  Help, please.

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5171
    • View Profile
Re: File Type Question
« Reply #1 on: January 24, 2017, 03:32:45 PM »
Have you been getting any of that spam with fake invoices & etc attached?

https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/

Even if you have a reliable backup, I'd suggest getting some help cleaning things up, before making another move.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #2 on: January 24, 2017, 04:22:37 PM »
I believe I did get one of those yesterday or the day before.  How do I get help or where should I go to get help?  I had a computer ruined a few years ago due to such maliciousness.  Don't want to go through that again.  Thanks for responding.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #3 on: January 24, 2017, 04:28:05 PM »
I just finished reading the article at that link you posted, and I definitely got that "ransom" notation.  OMG.  I don't understand how I even got this darned thing. 

Offline MikeW

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 554
    • View Profile
Re: File Type Question
« Reply #4 on: January 24, 2017, 04:28:41 PM »
Win 7 Home Premium  IE11 MSE  Mbam Pro

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7197
  • Liverpool FC - YNWA
    • View Profile
Re: File Type Question
« Reply #5 on: January 24, 2017, 05:05:43 PM »
Do you have your Word documents backed up somewhere?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #6 on: January 24, 2017, 06:20:12 PM »
I went to the link you posted, MikeW.  However, my computer will not allow the download of Security Analysis.  I did turn off the protection on my computer and tried to download, but again, the computer would not allow download.

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #7 on: January 24, 2017, 06:22:37 PM »
Winchester73, I do have all of my Word documents on an external drive, but evidently it got the virus, too, when I hooked it up to my computer.  During the hectic last few weeks, I have not backed up my files to another external drive I use for that.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19326
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: File Type Question
« Reply #8 on: January 24, 2017, 07:00:44 PM »
As you have seen in the article that Pete linked to at Bleeping Computer, there is no method of decrypting those files.  Other than following the Locky Ransomware (Zepto) Support and Help Topic - _HELP_instructions.html - Ransomware Help & Tech Support topic at Bleeping Computer, I do not believe there is anything else you can do.  However, I have contacted quietman7 in case he has any additional advice.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline DonnaB

  • Malware Experts
  • Hero Member
  • *****
  • Posts: 810
  • Ms. Congeniality
    • View Profile
Re: File Type Question
« Reply #9 on: January 25, 2017, 12:05:28 AM »
While we are waiting for quietman7's additional advice, do note that in Pete's link, just before the Comments section, it states:

Quote
The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies. Though Locky does attempt to remove Shadow Volume Copies, in rare cases ransomware infections fail to do so for whatever reason. Due to this, if you do not have a viable backup, I always suggest people try as a last resort to restore encrypted files from Shadow Volume Copies as well.

My son (sigh..) was incredibly lucky... Shadow Explorer worked for me.

"To achieve the impossible, it is precisely the unthinkable that must be thought."
Tom Robbins

Offline Pete!

  • Hero Member
  • *****
  • Posts: 5171
    • View Profile
Re: File Type Question
« Reply #10 on: January 25, 2017, 01:44:01 PM »
While we are waiting for quietman7's additional advice, do note that in Pete's link, just before the Comments section, it states:

Quote
The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies. Though Locky does attempt to remove Shadow Volume Copies, in rare cases ransomware infections fail to do so for whatever reason. Due to this, if you do not have a viable backup, I always suggest people try as a last resort to restore encrypted files from Shadow Volume Copies as well.

My son (sigh..) was incredibly lucky... Shadow Explorer worked for me.
After reading those articles, I fooled around for a while...
In Windows 10, the only way I could reliably find Shadow Volume Copies, was by using Shadow Explorer.

The next thing I did was disconnect my external hard drive, and resolve to break the habit of leaving it (and the 'backup' thumb drive) plugged in while I'm not actively backing up anything.

I'm not suggesting that Ozzie attempt any recovery at this point without better advice than I could give.
Is there some way you guys can determine if the ransomware is still active on his machine?

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7197
  • Liverpool FC - YNWA
    • View Profile
Re: File Type Question
« Reply #11 on: January 25, 2017, 01:50:08 PM »
However, my computer will not allow the download of Security Analysis.

Were you able to download the first tool mentioned (FRST)? 

If so, please post the FRST.txt and Addition.txt logs here.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #12 on: January 25, 2017, 04:39:14 PM »
Here is the FIRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by nepta (administrator) on WIN-9VDBKK3EQVE (24-01-2017 14:27:19)
Running from C:\Users\nepta\Downloads
Loaded Profiles: nepta (Available Profiles: nepta)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [670992 2016-12-03] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [*yqxemyqtyq<*>] => "C:\Users\nepta\AppData\Local\f1076\0380a.bat" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\MountPoints2: {edf8497a-1cec-11e5-b697-d0df9ade1364} - "J:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-10-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ff00289-07bc-4525-b980-f42fe61bf48b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b032e560-a487-42e4-87fd-5ee82da6afb3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.charter.net/
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> DefaultScope {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (YouTube) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2015-08-27] (Broadcom Corporation.)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [785920 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [289280 2016-12-03] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [67584 2016-12-03] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [226304 2016-12-03] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\Windows.Graphics.Internal.Printing.Workflow.dll [164352 2016-12-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\Windows.Graphics.Internal.Printing.Workflow.dll [122880 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-26] (Realtek Semiconductor)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [192272 2016-12-03] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1231360 2016-12-03] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3385120 2016-12-03] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [1177600 2016-12-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349632 2016-12-03] (Microsoft Corporation)
R2 WebUpdate4; C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [547840 2016-12-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [97032 2016-12-03] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1270784 2016-12-03] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2015-08-27] (Broadcom Corporation.)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [225792 2016-12-03] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [266000 2016-12-03] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [45840 2016-12-03] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [104960 2016-12-03] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754936 2016-08-24] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [98304 2016-12-03] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2016-12-03] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [26896 2016-12-03] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-22] (Synaptics Incorporated)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [30480 2016-12-03] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [40768 2016-12-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [285968 2016-12-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117008 2016-12-03] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [206336 2016-12-03] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys B6B5715C00CDAF6EA8FCE10192C0DD60
C:\WINDOWS\System32\drivers\3ware.sys 875409FBC36CA23E29CB374297521777
C:\WINDOWS\System32\drivers\ACPI.sys 95336F4BCB3A656F12EE4416D52C3CE0
C:\WINDOWS\System32\drivers\AcpiDev.sys 3A632ABDB610D7A5F67D6BD9008DADD3
C:\WINDOWS\System32\Drivers\acpiex.sys D8BE8561D707673B733D9F4766E3824B
C:\WINDOWS\System32\drivers\acpipagr.sys D8913EDFFBFAF0A1F0167868059A23AB
C:\WINDOWS\System32\drivers\acpipmi.sys BB6E0D8E9A3CAE0BB3C2EF25F5FF1023
C:\WINDOWS\System32\drivers\acpitime.sys 97589768A7EC21C5774128B285C3F921
C:\WINDOWS\System32\drivers\ADP80XX.SYS 31530EEA17C1014C23C2E33E4292C3FF
C:\WINDOWS\system32\drivers\afd.sys 217DD7520639EF4AD4E15CDA0ECB4A3E
C:\WINDOWS\System32\DRIVERS\ahcache.sys 2776F121DFB81C3894331DF5093736D1
C:\WINDOWS\System32\drivers\amdk8.sys 22D6FDBBF1963C80534EAD13C9F3AE18
C:\WINDOWS\System32\drivers\amdppm.sys 9FC614D6962567A7E1950E136A388678
C:\WINDOWS\System32\drivers\amdsata.sys F2C0602DE431E8AD783F66CD9CEFB728
C:\WINDOWS\System32\drivers\amdsbs.sys 1556369EAEAF5E534CD67D445829925A
C:\WINDOWS\System32\drivers\amdxata.sys A6BAEFC3A4B4AED1F8130F27D4F5E370
C:\WINDOWS\System32\drivers\appid.sys 9A15CB990F7BAA046632DB21AFAA1BC4
C:\WINDOWS\System32\drivers\applockerfltr.sys C3D21A9CE7397931566A7781EB97E5F8
C:\WINDOWS\system32\drivers\AppvStrm.sys 4645CC07F4B2A034384E82CCDA905573
C:\WINDOWS\system32\drivers\AppvVemgr.sys E397604A8B0A5ED7D960C68E618817A4
C:\WINDOWS\system32\drivers\AppvVfs.sys 13D8FEC773D0D3234B5B2789030D6B75
C:\WINDOWS\System32\drivers\arcsas.sys 968443EAC4643519ADFA713B42ED414C
C:\WINDOWS\System32\drivers\asyncmac.sys C11B04E361FCE65D9730B25B4EA86E72
C:\WINDOWS\System32\drivers\atapi.sys BC39F6DF7FD82AD5E8FF5EFBC3882130
C:\WINDOWS\System32\drivers\bxvbda.sys BEC4B9C505737EAFF327CFB5CBD76048
C:\WINDOWS\System32\drivers\BasicDisplay.sys 718C5E816C288B9C426718B9D8A9C883
C:\WINDOWS\System32\drivers\BasicRender.sys 13B89D39D2EBDCC2EDF066BF0EABE2E9
C:\WINDOWS\system32\drivers\bcbtums.sys F8FE7E12F8151E0A17C23CF840599F9A
C:\WINDOWS\system32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 4635413B72423030CF6962DCFD078430
C:\WINDOWS\System32\DRIVERS\bowser.sys 9DFD75818DD3FDD3E989BADD749996B0
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 2536718E0B1D168BC1283032163A97B3
C:\WINDOWS\System32\drivers\BthEnum.sys DDEBAE05DC7AC00B47E8C9F19217AEAE
C:\WINDOWS\System32\drivers\bthhfenum.sys ED60A6ECD139BCEF3DD6170489FD5184
C:\WINDOWS\System32\drivers\BthHFHid.sys E39D84CC157AD271560E83C4C1F0B102
C:\WINDOWS\System32\drivers\bthmodem.sys 8C9492F148DFC92AD1683013CA52EB53
C:\WINDOWS\System32\drivers\bthpan.sys 4B097C3C8300C08875768E0D472AB3CB
C:\WINDOWS\system32\DRIVERS\BTHport.sys 437F5778BF1A0F14E56A4D9892B51950
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 6351C549E5E41C8C6D77926AFA91EA4C
C:\WINDOWS\system32\DRIVERS\btwampfl.sys BC279FCEE9FC8CBF991D5DE539771AA9
C:\WINDOWS\System32\drivers\buttonconverter.sys 841C2C25A31E1ECCE8D7B808522A8CF6
C:\WINDOWS\System32\drivers\capimg.sys 1534B7D9B3B1459E6D0D7941FB47208B
C:\WINDOWS\System32\DRIVERS\cdfs.sys 00F971E30B396F9B5D93A56828D96917
C:\WINDOWS\System32\drivers\cdrom.sys 3326B6FDAD21619AB0FE860158D01D42
C:\WINDOWS\System32\drivers\cht4sx64.sys 6A4453CD310F86CC34E8F011E8C9D2FA
C:\WINDOWS\System32\drivers\cht4vx64.sys C4AE64F58E33B3F2093002F410388980
C:\WINDOWS\System32\drivers\circlass.sys E24A0C159528B3B0C49212F7971B5723
C:\WINDOWS\System32\drivers\cldflt.sys A8EBE359474FDF6ABBAF81BA62657042
C:\WINDOWS\System32\drivers\CLFS.sys DCF7D8A57B05656A833657E1D1755C30
C:\WINDOWS\System32\drivers\registry.sys 443B5094DEC7EC7FF40B6C326B26A312
C:\WINDOWS\System32\drivers\CmBatt.sys 14E734125C318DC506479E3A5C1BE0F5
C:\WINDOWS\System32\Drivers\cng.sys A6D7985026AE7D9F0B0097E4A3CF6768
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 06C1D9A26A9F3E02A513CFF40F719C50
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_f06bcc22f978b867\CompositeBus.sys 1DD6C63B2E0FC1A3E455FB529607CD64
C:\WINDOWS\System32\drivers\condrv.sys 023B6318EA32B936155DE481ABA24962
C:\WINDOWS\System32\drivers\csc.sys 46EA67C969153A3BB1BA3928EBEC0995
C:\WINDOWS\System32\drivers\dam.sys C4613B7DAA6FC3CFA7C490BEE247C157
C:\WINDOWS\System32\drivers\dc3d.sys A4700D1F78539C0ED32FA50E64F9C692
C:\WINDOWS\System32\Drivers\dfsc.sys BDBB66C12EF1BE875ACA3AFD4B2ECC72
C:\WINDOWS\System32\drivers\disk.sys 5B365E6526128C5E86DB99B10AB966B6
C:\WINDOWS\System32\drivers\dmvsc.sys 93700A6E954248CAFCF3CCA1C5749867
C:\WINDOWS\system32\DRIVERS\drmkaud.sys 7D6FF0451F078AB756A11509558BCE7C
C:\WINDOWS\System32\drivers\dxgkrnl.sys 549A202BCF0B53B2969EA856E055900C
C:\WINDOWS\System32\drivers\evbda.sys D940068F290A8121A07C8C24A1BB19F1
C:\WINDOWS\System32\drivers\EhStorClass.sys 6B404F92034152BA0B1DC9A55F0649E4
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 875505AD1ADF8EECA073CCABAAA1526C
C:\WINDOWS\System32\drivers\errdev.sys 4DBA7C262EED0B87AD67771B6DE1E03C
C:\WINDOWS\system32\drivers\mbae64.sys 4D7F3114147C31390262F19F74E5BF07
C:\Windows\System32\Drivers\exfat.sys F7F83B31733860E3E9E34F7C96D291D7
C:\Windows\System32\Drivers\fastfat.sys 1161C5EDFF4BF8A4319FC144172C458E
C:\WINDOWS\System32\drivers\fdc.sys B5F2F1F61B9A8534708F43954D526481
C:\WINDOWS\System32\drivers\filecrypt.sys B3CD1CFC649E1A3298FB8D99D464045D
C:\WINDOWS\System32\drivers\fileinfo.sys 0C75FC03C55CA6D26F6F027EFCC73769
C:\WINDOWS\System32\drivers\filetrace.sys 70EAC8A8C13E69EC5DF6B344B21EA24D
C:\WINDOWS\System32\drivers\flpydisk.sys 627A07E4CF086632BBB325588EDAC0AD
C:\WINDOWS\System32\drivers\fltmgr.sys AC56045957799AC1C8EB9CEC641D6147
C:\WINDOWS\System32\drivers\FsDepends.sys 6F73FE32863AA4F0B9222389D6A8E044
C:\Windows\System32\Drivers\Fs_Rec.sys 3EC807A07934C95077E62C6EA2A06636
C:\WINDOWS\System32\DRIVERS\fvevol.sys BF70A88CCF6DF97DDEFB375C56E8492D
C:\WINDOWS\System32\drivers\vmgencounter.sys B634E32D9894147B5E05DF781BA2EBAA
C:\WINDOWS\System32\drivers\genericusbfn.sys B836FCD5C45BB4B95EE5AF02A75FBDDD
C:\WINDOWS\System32\Drivers\msgpioclx.sys 0014F0AAAF2D666C569DC3AA2FF7DD45
C:\WINDOWS\System32\drivers\gpuenergydrv.sys B085C3B3256463356B1EFB2574173282
C:\WINDOWS\System32\drivers\HDAudBus.sys AD1082CB4FE6AE6D163FE6B92E6B4BC8
C:\WINDOWS\System32\drivers\HidBatt.sys E18BB39E08874EEC7D2B9E34FDA09FF6
C:\WINDOWS\System32\drivers\hidbth.sys FFFC6F090DA53EBD38A0CAC61B0F3FAC
C:\WINDOWS\System32\drivers\hidi2c.sys 8F4B64D8AE358A50B3B31F934ED6A241
C:\WINDOWS\System32\drivers\hidinterrupt.sys 809F0A23BBD32641012953DF5A1CE27A
C:\WINDOWS\System32\drivers\hidir.sys A78FDE4C933EA4C667BA5E42C2E8A1B1
C:\WINDOWS\System32\drivers\hidusb.sys 61C3E77887741C6800A2BB6BC4589909
C:\WINDOWS\System32\drivers\HpSAMD.sys FC822C522317C49CAF67013F2750F17B
C:\WINDOWS\System32\drivers\HTTP.sys B32F5042676694CF6E0411D501EC9B9D
C:\WINDOWS\System32\drivers\hvservice.sys A9F9A493C8C68EA94E607902B28A392D
C:\WINDOWS\System32\drivers\hwpolicy.sys 25DED6F0F6F13B7D97DD1390C7F22774
C:\WINDOWS\System32\drivers\hyperkbd.sys F861829049889EEA6EAFB02D1153732F
C:\WINDOWS\System32\drivers\i8042prt.sys 10E4EFB8E9EB9BC677582CE72FE7C826
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 32FEF09BB643359B2DEEECF66F8708A7
C:\WINDOWS\System32\drivers\iaStorV.sys 914AA50F695598D85CD8256FD1AE960C
C:\WINDOWS\System32\drivers\ibbus.sys AF9B316F26E46D0830919CFCD2AB6FC3
C:\WINDOWS\System32\drivers\IndirectKmd.sys C18F478D8EA5BD8487250BCAC6C551B3
C:\WINDOWS\system32\drivers\RTKVHD64.sys 622868E4BAE8FBCD22CB1A5901A2C824
C:\WINDOWS\System32\drivers\intelide.sys A2705BE3B67CCFCF6D28DD5BAE57B5F8
C:\WINDOWS\System32\drivers\intelpep.sys 6F4517610E2889C578759DBDE9C44356
C:\WINDOWS\System32\drivers\intelppm.sys 16CFC91A9A0B11F1116FC72FC41E135A
C:\WINDOWS\System32\drivers\iorate.sys F1D847EFB9543A115911F19956B7BD3C
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 90B5AF4E960EE80F5CFEB43B5F8768E7
C:\WINDOWS\System32\drivers\IPMIDrv.sys 1E0B4530D1E44F4397B4BB1175D2CD70
C:\WINDOWS\System32\drivers\ipnat.sys 1C130E6E94B89DA57B35D20A36F5CC6B
C:\WINDOWS\system32\drivers\irda.sys DEB565D690F5D6F88F02CBCAE31A6E97
C:\WINDOWS\System32\drivers\irenum.sys 8A76A5A0AA00378BAE36A84C914B5BD7
C:\WINDOWS\System32\drivers\isapnp.sys 25F1B9685BB538F53E729882BA0F48B1
C:\WINDOWS\System32\drivers\msiscsi.sys 32E401731761379FC51BA90C7CF35FE3
C:\WINDOWS\System32\drivers\kbdclass.sys C87CEBC21AAB4BFD6B47097D5E94DE18
C:\WINDOWS\System32\drivers\kbdhid.sys AE7D99D84F1A1EB6E32D5BB7229F88C6
C:\WINDOWS\System32\drivers\kdnic.sys 8EA16E8BEC49D6C045C28838CFEE6279
C:\WINDOWS\System32\Drivers\ksecdd.sys BB10E8405232B48A8E9ED82159D7236C
C:\WINDOWS\System32\Drivers\ksecpkg.sys F35B5ADE0858AFC13EB92B09A0536AFC
C:\WINDOWS\system32\drivers\ksthunk.sys 0EB4F71957F4BFB33DE4DEC9453A4E3E
C:\WINDOWS\System32\drivers\lltdio.sys 01752F1B760656EBF1B0C4A80205098F
C:\WINDOWS\System32\drivers\lsi_sas.sys A79C806DF3DAE4A385E63D7DC27D7313
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 0E904AFB58B956D72DDD25FE48545CA2
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 04B6B6746EAD66521F021FA267A0D555
C:\WINDOWS\System32\drivers\lsi_sss.sys E08CD60062BEF59149CDBC579CC3B483
C:\WINDOWS\system32\drivers\luafv.sys 6265EAF9AE76D31C64CED58883EA021B
C:\WINDOWS\System32\drivers\mausbhost.sys B0EF5FCC4237E9FE485BE88257018C50
C:\WINDOWS\System32\drivers\mausbip.sys EBD6159C8F7D9AEC041F74851EF49A44
C:\WINDOWS\System32\drivers\megasas.sys 738A822D8ADC4FF1A2D8911AF08F59B2
C:\WINDOWS\System32\drivers\MegaSas2i.sys A886AA5C5CB14F23CA7ED0D3E497E369
C:\WINDOWS\System32\drivers\megasr.sys 67F7CE18F38F8CA31E7F6A42649ED4F8
C:\WINDOWS\System32\drivers\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\WINDOWS\System32\drivers\mlx4_bus.sys 9B3C67248229D35B2238B1B763A42EA4
C:\WINDOWS\system32\drivers\mmcss.sys 30FC7CA681F154F460BAE577C14F0DB2
C:\WINDOWS\System32\drivers\modem.sys BE1F753C48FC23B93BDABCCA320DE81E
C:\WINDOWS\System32\drivers\monitor.sys 3FC3EFE54A6C2C9F6D3FDD6539C4BB26
C:\WINDOWS\System32\drivers\mouclass.sys A400E64627BC1505EA2F2CDBFC86FAB3
C:\WINDOWS\System32\drivers\mouhid.sys AD5A4D65A968AEBCAAD05454F7BFE96A
C:\WINDOWS\System32\drivers\mountmgr.sys 05840C86A221C2A7E6755AB145366EB2
C:\WINDOWS\System32\drivers\mpsdrv.sys B5D78625FD7DBF065B0C5B1406DC0384
C:\WINDOWS\system32\drivers\mrxdav.sys B9919496D6DCFFAB2A77C929AD287613
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys B572A4275354104AFC02DAB009E5B4F6
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys B04B378637F655DA09F0E23B170D47A4
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 1ABDF9C902B027C2C2E6686FAE96173D
C:\WINDOWS\System32\drivers\bridge.sys 4FB1266788E8E08570655521791466C8
C:\Windows\System32\Drivers\Msfs.sys 0261F991B8FE3BE5864FC0C6BF27CC0C
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6D1E26845AC230E09CBB0B8409072509
C:\WINDOWS\System32\drivers\mshidkmdf.sys 7C095521AE1BD263FF8F2BCF81492C1B
C:\WINDOWS\System32\drivers\mshidumdf.sys A723C5C371495DEF4FBC2BB8826DBEF7
C:\WINDOWS\System32\drivers\msisadrv.sys D2C2193399B1CF395DE8DBC72AFD4762
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys AF3B513D4AF183DC05DDE30E155AC9D1
C:\WINDOWS\System32\drivers\mslldp.sys 5D82D59B7CB42D5BB7CB90D4E26A37E4
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 80940E4E2D69C5F2EC765FF096D27062
C:\WINDOWS\system32\DRIVERS\MSPQM.sys CD1EA1109A70F207EBF2FD2D03314DD9
C:\Windows\System32\Drivers\MsRPC.sys 7F049F7F19F8376FC36D76A64B41A017
C:\WINDOWS\System32\drivers\mssecflt.sys 203F2FB1B247D732B7106239C954E851
C:\WINDOWS\System32\drivers\mssmbios.sys D4922AA75C7022C38D113FD235384A4F
C:\WINDOWS\system32\DRIVERS\MSTEE.sys F79CA7DD2CD9C9D9B91C450F1C7321B2
C:\WINDOWS\System32\drivers\MTConfig.sys 5C5F6CA9C06981C8099F7B299E89CF32
C:\WINDOWS\System32\Drivers\mup.sys 7E1E28C38F1BA8F0C79C29A9E155A90A
C:\WINDOWS\System32\drivers\mvumis.sys 014979DF493D1371FC9AFC8012DC0545
C:\WINDOWS\System32\DRIVERS\nwifi.sys 531A48B861C8F999E9749F4DE0171841
C:\WINDOWS\System32\drivers\ndfltr.sys EAE693008ED94FBF5FE1A73220E9A8C8
C:\WINDOWS\System32\drivers\ndis.sys E03308F839E2753CE6494DFF3BAD500B
C:\WINDOWS\System32\drivers\ndiscap.sys 0DAE7E8D362CE0097CF40DA32283FDB9
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 5B6D6225F69BAA58C765CB65EEF43A1E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 2EBB613CD5743A6A49236E823F4053AC
C:\WINDOWS\System32\drivers\ndisuio.sys 076A1A0A0F18D6D003BB79F32097412B
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 7AF21637D3C55524A4D8FE858D9194AA
C:\WINDOWS\System32\drivers\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\NDProxy.sys DD0DDA216AFE98F51BB0DCBF68B93063
C:\WINDOWS\System32\drivers\Ndu.sys 2BB247904B1A1A95F77D34E785BFBD49
C:\WINDOWS\System32\drivers\NetAdapterCx.sys 43B86F4F98DC6C6E942304FB360AC316
C:\WINDOWS\System32\drivers\netbios.sys 2E25D3C2E1F3FF75F489009988120CA2
C:\WINDOWS\System32\DRIVERS\netbt.sys 12641C55E0E7C5D2268A9826E362D818
C:\Windows\System32\Drivers\Npfs.sys 92FF25B3FCE4FB33DD4A3B797758E524
C:\WINDOWS\System32\drivers\npsvctrig.sys 1E114C1228585073A23FA11486ACE810
C:\WINDOWS\System32\drivers\nsiproxy.sys E043F6560A2C8C1D1FFD4B51670057F5
C:\Windows\System32\Drivers\NTFS.sys 012905E46BD1FAEDC5DA2DC24CC5865B
C:\Windows\System32\Drivers\Null.sys 08A773F4D6C0C8C1A6E1FD8BB4765BB1
C:\WINDOWS\system32\drivers\nvhda64v.sys 705386E3D1D814B974FFA4BE996C2B19
C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys CC2128714FAF80CBE743C2BE2FC8D5DF
C:\WINDOWS\System32\drivers\nvraid.sys 167F46E17590CF61A0BCE89DFFF360A7
C:\WINDOWS\System32\drivers\nvstor.sys 55E3079ACED5A68E845623A2776CDA02
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 60C9EC53F9CFBFBE38E9C79B88A6B19F
C:\WINDOWS\system32\drivers\nvvad64v.sys 35DFC12FD7E44B7CB8CCD7E5A2B3975A
C:\WINDOWS\System32\drivers\parport.sys 2925C723017C8445E8646678C28CFACE
C:\WINDOWS\System32\drivers\partmgr.sys 3E02EEB83F84896E38CC49E2E9588350
C:\WINDOWS\System32\drivers\pci.sys AD6F3A9765BD338CDB650A4BFE2B2CEA
C:\WINDOWS\System32\drivers\pciide.sys D9D3431CCD13BBD40B999EF1831FD665
C:\WINDOWS\System32\drivers\pcmcia.sys 2C7FF889F326AE2CF5010A3AB7D51CC7
C:\WINDOWS\System32\drivers\pcw.sys E2B6F68067142CA8CD72706278CD31CB
C:\WINDOWS\System32\drivers\pdc.sys 4F9E0A266C6CF21006979E4EB9D984EB
C:\WINDOWS\System32\drivers\peauth.sys 8512FBA31C6CFCD5BD27F4E7DD97E885
C:\WINDOWS\System32\drivers\percsas2i.sys FB21E4CE28062F467C763FA9DED65A1A
C:\WINDOWS\System32\drivers\percsas3i.sys F029FE8E9A4CF37AE4A88B6FDC40D7C5
C:\WINDOWS\System32\drivers\pmem.sys 928DB776F95A674E78ECDF73AA69C0F3
C:\WINDOWS\System32\drivers\raspptp.sys E499A4CDF79A43C7859071C2A019ABD9
C:\WINDOWS\System32\drivers\processr.sys 0698E158307B39E789B72F24761EE6BC
C:\WINDOWS\System32\drivers\pacer.sys 1558C63AA19AD27BB4A629A50E6D2608
C:\WINDOWS\system32\drivers\qwavedrv.sys 068B1CF6A6D3B8D056C88887AEC5B282
C:\WINDOWS\System32\DRIVERS\rasacd.sys 20640EE38085414F696581C8D7B365EB
C:\WINDOWS\System32\drivers\AgileVpn.sys 6BED76071338740585A37AF937340934
C:\WINDOWS\System32\drivers\rasl2tp.sys 8F077329CD1A4F6EAD50C9D9D5CD5034
C:\WINDOWS\System32\DRIVERS\raspppoe.sys CACE4D4673E9BA77F2C07E549F2189CB
C:\WINDOWS\System32\drivers\rassstp.sys 9498178B4481D1079D507A3385ED35B4
C:\WINDOWS\System32\DRIVERS\rdbss.sys C04C096DF6E45148C02FA30E1D68FF04
C:\WINDOWS\System32\drivers\rdpbus.sys 6DE67E8A3039E1B64D637B16D114EC95
C:\WINDOWS\System32\drivers\rdpdr.sys 62275196A6C88985F9AC6C107FDB01FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 1A3841ED296BB396C66C0A17E6D7DE8C
C:\WINDOWS\System32\drivers\rdyboost.sys 6F0382CEB29982B328F0E0FD7F996872
C:\Windows\System32\Drivers\ReFSv1.sys 599C3BDDF8477106F6E2F88B94C8B9A5
C:\WINDOWS\System32\drivers\rfcomm.sys E0B672E986F8550E3AC6C27510A3F6F6
C:\WINDOWS\System32\drivers\rspndr.sys 43B1CA9B33BDC2F1437F6ADD93516FC5
C:\WINDOWS\System32\drivers\rt640x64.sys AB7C0639DF052528C2CB06D0EAE115EC
C:\WINDOWS\System32\drivers\vms3cap.sys 4CC386DC5C3495BF837368A9D279D562
C:\WINDOWS\System32\drivers\sbp2port.sys E8490BF2C3E83FE8428F6FD5CF8360F1
C:\WINDOWS\System32\DRIVERS\scfilter.sys E280477F80D08A5835F3549DCF561490
C:\WINDOWS\System32\drivers\scmbus.sys 2F71968C12A7AFBEC62285BC9D6E3D55
C:\WINDOWS\System32\drivers\sdbus.sys 6A7433CE0071F0A171456613CBFD2817
C:\WINDOWS\System32\drivers\SDFRd.sys 26D76101B30E33DF3D2ED598776FD942
C:\WINDOWS\System32\drivers\sdstor.sys D8B200F1E1355088F160658261D8E72C
C:\WINDOWS\System32\drivers\SerCx.sys A6ABADF8AFECB9611A057EF53DE0AD8E
C:\WINDOWS\System32\drivers\SerCx2.sys 32F45508C994968075AD9A1B708B3A9C
C:\WINDOWS\System32\drivers\serenum.sys 8EAE634879262ABCA59C3EA6596CD240
C:\WINDOWS\System32\drivers\serial.sys 2B8B5CA027B4B338AD28AA34AD38F69F
C:\WINDOWS\System32\drivers\sermouse.sys 370344596044213E4FA42099B96BAD3B
C:\WINDOWS\System32\drivers\sfloppy.sys 96318788468672BFD67E75FD8C24FB79
C:\WINDOWS\System32\drivers\SiSRaid2.sys 7BC97CD775A4D1C6BB4EF5B657798690
C:\WINDOWS\System32\drivers\sisraid4.sys 8E49013D06FBEB7531B2922206D069F0
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys C584D941C2F915B27FAEE9B407744641
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 8A6571231D93C08434A56E19E33A35CB
C:\WINDOWS\System32\drivers\spaceport.sys 58719C907CEFAA0BE2CFA1423A251FE9
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys 9D32663DDDDA8A8BD717ABFF89093F9A
C:\WINDOWS\System32\drivers\SpbCx.sys 06C9DFCC4E40FBBC0CE2B977BB1000DE
C:\WINDOWS\System32\DRIVERS\srv.sys C68D9F5492A01132B5CA53FE5062128E
C:\WINDOWS\System32\DRIVERS\srv2.sys 5595589455D9F3E4790021F51DB0893C
C:\WINDOWS\System32\DRIVERS\srvnet.sys E77E4A6B29A897A39F97CCBDF81EB700
C:\WINDOWS\System32\drivers\stexstor.sys A132FD7C7339648CF4429EA79BE8346B
C:\WINDOWS\system32\DRIVERS\serscan.sys 57119780A42B5E364065310E94522D2D
C:\WINDOWS\System32\drivers\storahci.sys 2179E507BAF874D7221F1C869A10DE33
C:\WINDOWS\System32\drivers\vmstorfl.sys EB4996D50E108AB4B9F74D14B13205DB
C:\WINDOWS\System32\drivers\stornvme.sys 9EAE58FB4026EC686620D73AC25ED4A1
C:\WINDOWS\System32\drivers\storqosflt.sys 448D59AE6060D1F799738C4E06522243
C:\WINDOWS\System32\drivers\storufs.sys B33FFB7BC1834724CF16C1B27B413ED7
C:\WINDOWS\System32\drivers\storvsc.sys 5F4715C5159296DCE43D6196DBBFDBA7
C:\WINDOWS\System32\drivers\swenum.sys C4B244287121CB158BD674ECCB45F8F5
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 42BB0E1CFE497D09F5758F4FC900573C
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpipreg.sys 1ADEB608E059B37280C7D17F4F09DA37
C:\WINDOWS\system32\DRIVERS\tdx.sys D508F0FE80E6F59D022B426C60795E49
C:\WINDOWS\System32\drivers\terminpt.sys 0DE58AE90E69A196A7571B875A2AB8DE
C:\WINDOWS\System32\drivers\tpm.sys 8E5712E9D65316D999772EB13415C20F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8DDEA98ACA8E03F71F666466FA17A81A
C:\WINDOWS\System32\drivers\TsUsbGD.sys B99F97056B726D8A9F582020E27861CF
C:\WINDOWS\System32\drivers\tsusbhub.sys 310CC5A9E6FDDD268D6C677B89AAFC2B
C:\WINDOWS\System32\drivers\tunnel.sys 30EC43B7776AF44BB1AFC6BE112EF089
C:\WINDOWS\System32\drivers\uaspstor.sys 0954B446EA35655C9727A8113ADAA1AD
C:\WINDOWS\System32\Drivers\UcmCx.sys 3DBDBFE349B5B577218825C3F52D8168
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 752A47B3F73FA656D11669CCD606D158
C:\WINDOWS\System32\drivers\UcmUcsi.sys AE31318FA016E346EE987BBBDEFA7B57
C:\WINDOWS\System32\drivers\ucx01000.sys 6D6D06DB7D994CCE6DDD968FD1532EFA
C:\WINDOWS\System32\drivers\udecx.sys 9DBCA53B2C2F94DC2C9A806752433923
C:\WINDOWS\System32\DRIVERS\udfs.sys 74F73DE6E9D1EB5AD11E053F2B3FA18B
C:\WINDOWS\System32\drivers\UEFI.sys 7C9B307F84B41692044EFECB5467EF96
C:\WINDOWS\system32\drivers\UevAgentDriver.sys EB2867BF0CBCFE2D74BC0FC70A1606C5
C:\WINDOWS\System32\drivers\ufx01000.sys E6FCBE7C9BD4A0FB2F692F1919D4B8C9
C:\WINDOWS\System32\drivers\UfxChipidea.sys A6A16F7A5AFCEE786460843D536A9F54
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 2719170C42543484884180F832930557
C:\WINDOWS\System32\drivers\umbus.sys 7CB8B57B6523B9065E9DCFA25D83C8CB
C:\WINDOWS\System32\drivers\umpass.sys DAD50661FBF85D0CE3BFE6B89196D4E2
C:\WINDOWS\System32\drivers\urschipidea.sys 45360850AC69499211FD75ADAD91AB1C
C:\WINDOWS\System32\drivers\urscx01000.sys 0125761BEE90D1D6D55A215EDC6E445A
C:\WINDOWS\System32\drivers\urssynopsys.sys EB66E8CFEFBE5D1289CC550CCC01DCD6
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys EDB6BA8FEB162B6C5CCE093202473A14
C:\WINDOWS\System32\drivers\usbcir.sys 9B29694B23A00B3F4F57A43BA6505DF8
C:\WINDOWS\System32\drivers\usbehci.sys 7B4FE03651D611CD60489F95D8432524
C:\WINDOWS\System32\drivers\usbhub.sys E073593D0D3B28FEC2B4D38FD9ED5435
C:\WINDOWS\System32\drivers\UsbHub3.sys 9467B95BA82906B8DCA3B056AEE611AA
C:\WINDOWS\System32\drivers\usbohci.sys 6F57F59FAF195FF0EF02C26055AA3E29
C:\WINDOWS\System32\drivers\usbprint.sys A11654FDD04C9411884AFE7D90984921
C:\WINDOWS\System32\drivers\usbser.sys 790CF59C26CAF066C116CE3EB599F77D
C:\WINDOWS\System32\drivers\USBSTOR.SYS F6D95B2B2390ED2081657094740B488D
C:\WINDOWS\System32\drivers\usbuhci.sys 591202AC0B9A95061FC8D5F3E7804758
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9FC9564AE9D24E01F97EFF2FCD52955E
C:\WINDOWS\System32\drivers\vdrvroot.sys 5AB1EBA528554BF6F30E0BB008239B33
C:\WINDOWS\System32\drivers\VerifierExt.sys DBD18035920A8D1E627F889D23E5AD1D
C:\WINDOWS\System32\drivers\vhdmp.sys A36FA9AA3F7E101DB606E73E030FBF7F
C:\WINDOWS\System32\drivers\vhf.sys CA25A82C98DE77B5E49586910F324288
C:\WINDOWS\System32\drivers\vmbus.sys 0C623C4965DC2DF4CC91A037CE5D73EF
C:\WINDOWS\System32\drivers\VMBusHID.sys F9B1D0146C9033D941FB65C9C040CE85
C:\WINDOWS\System32\drivers\vmgid.sys 50C1B4D7B7CE6E8F28E8A5AD931CAC94
C:\WINDOWS\System32\drivers\volmgr.sys 8CC96218A69A62C3B31BE2057B2F41F3
C:\WINDOWS\System32\drivers\volmgrx.sys 49918D35612CCD1C231AED13BEE085DA
C:\WINDOWS\System32\drivers\volsnap.sys D4940069222A8933334E93EEB54DD7C0
C:\WINDOWS\System32\drivers\volume.sys E37562651E0F51E7ECBB89CA4BA21920
C:\WINDOWS\System32\drivers\vpci.sys 55182CDC6521EEC067E675EB43578DE0
C:\WINDOWS\System32\drivers\vsmraid.sys 0F0D4AEFB0AF6657A5FA2794DCB7C058
C:\WINDOWS\System32\drivers\vstxraid.sys CD9097571AF259A21FCB618259F94EB5
C:\WINDOWS\System32\drivers\vwifibus.sys D2C7ADB2D659265C0D96DCED5C89825B
C:\WINDOWS\System32\drivers\vwififlt.sys B8861050E4BB7F448D94AD2F0A6C6833
C:\WINDOWS\System32\drivers\vwifimp.sys ED92C45E0E91BF4F2FCB6F3524404837
C:\WINDOWS\System32\drivers\wacompen.sys F603604F23B6871042238ACDDAD6F6CE
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\system32\drivers\wcifs.sys 14704C95C2B8A5F7EDA9248FD373D509
C:\WINDOWS\system32\drivers\wcnfs.sys 1E2369802053928A0691FEA7EAA53D9E
C:\WINDOWS\System32\drivers\WdBoot.sys 9A1277BABCE45257F71306D6EBF8BB5F
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 128C8DA9796B4E5E662BEA89A50265A0
C:\WINDOWS\System32\drivers\WdFilter.sys 5AACBDEF1A0766DC785300E2D7339E49
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys AE9C1C222016EF8C80A517F08F4FCFEE
C:\WINDOWS\System32\Drivers\WdNisDrv.sys D913F8FD2D4733257F118A1CC0A97A08
C:\WINDOWS\System32\drivers\wfplwfs.sys 9A306B5FA7CBCD427016AC1807B18CEC
C:\WINDOWS\System32\drivers\wimmount.sys 7690DBB9D8D63792A27661F96B91D287
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys A9B63B5B4C5FE7E85BEC9D6180D2A50D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 7231CBFBBE0F45B8E1D35AE35153DE8E
C:\WINDOWS\System32\drivers\winmad.sys 8098CCE470A942277025E3430EB88B5A
C:\WINDOWS\System32\drivers\winnat.sys 8E80F260BF9F6945815369BBDE0C33DE
C:\WINDOWS\System32\drivers\WinUSB.SYS 2835728D4043921C6DC61E4682803D88
C:\WINDOWS\System32\drivers\winverbs.sys 323B9485CFECAA618AB29D1508E06A22
C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys 3A627A24EAC6CEC3BA59548AA70BAD6E
C:\WINDOWS\System32\drivers\wmiacpi.sys A4597AC92C7355438D612131C2A80A0B
C:\Windows\System32\Drivers\Wof.sys C954CEBD4729419AF33234FC6C982844
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 0013228FB25DBBA6F08DB07D85D71F4C
C:\WINDOWS\system32\drivers\ws2ifsl.sys 573F0549359CB8874F7CB114C8E8C8C9
C:\WINDOWS\System32\drivers\WSDPrint.sys 15A6F04D9FC17804A79BD17BE0EC2A0E
C:\WINDOWS\system32\DRIVERS\WSDScan.sys F778D436DC6D43AE0CFE8C8E1A147E31
C:\WINDOWS\System32\drivers\WudfPf.sys E02FA22B6FF182F8F38A0954A163313F
C:\WINDOWS\System32\drivers\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\System32\drivers\xboxgip.sys 06417C1742A8087175BF15D74BD7BB33
C:\WINDOWS\System32\drivers\xinputhid.sys E70800BE5C59FB0B6B6797BB3066A27B

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:05 - 2017-01-24 14:05 - 00899072 _____ C:\Users\nepta\Downloads\RGSA (1).exe
2017-01-24 14:02 - 2017-01-24 14:02 - 00899072 _____ C:\Users\nepta\Downloads\RGSA.exe
2017-01-24 12:06 - 2017-01-24 12:06 - 15309536 _____ C:\Users\nepta\Downloads\Shortcut.txt
2017-01-24 12:04 - 2017-01-24 12:05 - 00000000 ____D C:\Users\nepta\Desktop\Computer Safety
2017-01-24 11:51 - 2017-01-24 12:18 - 00036096 _____ C:\Users\nepta\Downloads\Addition.txt
2017-01-24 11:49 - 2017-01-24 14:27 - 00046031 _____ C:\Users\nepta\Downloads\FRST.txt
2017-01-24 11:48 - 2017-01-24 14:27 - 00000000 ____D C:\FRST
2017-01-24 11:48 - 2017-01-24 11:48 - 02420736 _____ (Farbar) C:\Users\nepta\Downloads\FRST64.exe
2017-01-24 11:46 - 2017-01-24 11:46 - 00000677 _____ C:\Users\nepta\Documents\JRT.txt
2017-01-24 11:43 - 2017-01-24 11:43 - 01663040 _____ (Malwarebytes) C:\Users\nepta\Downloads\JRT.exe
2017-01-24 11:35 - 2017-01-24 11:35 - 00002804 _____ C:\Users\nepta\Documents\AdwCleaner[C0].txt
2017-01-24 11:28 - 2017-01-24 11:28 - 03988944 _____ C:\Users\nepta\Downloads\adwcleaner_6.042.exe
2017-01-24 10:44 - 2017-01-24 10:44 - 00002199 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-01-24 10:43 - 2017-01-24 10:43 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-23 18:42 - 2017-01-23 18:42 - 00262980 _____ C:\Users\Default\346FD420--07CA--C4B7--E85FD803--727890ACE0A1.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00193119 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--CF90E303--65ED10CF88FB.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00008182 _____ C:\Users\Default\OSIRIS-3301.htm
2017-01-23 18:39 - 2017-01-23 18:39 - 29959946 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--BE26AA4B--CF25A2172F96.osiris
2017-01-23 18:39 - 2017-01-23 18:39 - 25213821 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2B70DB5F--4A70C7AB15DA.osiris
2017-01-23 18:38 - 2017-01-23 18:38 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AA21D825--B842BA2D897D.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 46018057 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6E4AB255--08D69A25B053.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DFCC9C66--25198C9FFA5C.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FBD668B4--B751D4DAF8DD.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--70B87FDD--C33F5092EB06.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 25095206 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--82D3F454--210A65AAB9AB.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 23980926 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56FC4376--79BD00769549.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 07536366 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2FBF91BD--CCAA1C513BF3.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 41582785 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9C2A7755--E502C80F6584.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 30744728 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8056258D--A1DE2E690211.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 27298594 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--264D8F57--73AB38580C98.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B8B612EB--35E1302E7A3C.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5608A18B--DF337B9460EF.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 02460209 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2F652B9A--25B605136306.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--EE970CC1--C4692A85C1A2.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D1A7A2E0--565F4C3D1CB4.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6DB08FBA--C0E08A171383.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3A355786--9BE8644D1A31.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01579410 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9ABC5C68--665F17091DA5.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 15128434 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--F7291DEC--5E34A385E7A8.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00988737 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--E9D448CF--210F03092E36.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00469638 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--163230B8--D8CA59F41122.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00445405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56B7F313--89362D541756.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00044856 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--69A7E0E0--23E844A48EBA.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007406 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D8A6E0E8--61AE7785B475.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B34CDB5D--8884AD5718CB.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00000858 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--899D6694--EACAB78BEEC1.osiris
2017-01-23 18:33 - 2017-01-23 18:33 - 02520029 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--673FD8FF--12D57944DD6B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00086254 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D0FF1078--BD81D0ED6955.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00058504 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--793B4CB0--4AB32B7C2E94.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00053537 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--87C2A923--043B1F1AAD10.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--92B20262--7E76A3E4D302.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8E5A826F--1F4F7E86E8C3.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00032444 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8BA056DD--34CFA7DE9309.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A5151F4F--B7D5B4BDECCB.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--40E6D0A5--68B5DDE2D087.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C4D0B96F--B83B9F7AEB80.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35A3F77E--FF2FCA20930F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00024279 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--41435011--A543D335277F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00015570 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0902712C--CF3A3457598B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00012207 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5BA43B3D--262E7202CD73.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00001949 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--4C3F846F--CFC8C858A588.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AB57ADDA--F04D3A3FD3FE.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A0170279--EB8749F5C833.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 03166721 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--DFEF78F6--5E980E2C90C1.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01943890 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--5B5297EC--95A2C297DE7E.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01498406 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--B180C704--4A1F6ADE2E3D.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00546681 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--94A3ADEC--2BD0819A41B7.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00526190 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--71DADE63--DC4EFFB80D71.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00362360 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--8BE6B147--FF24103CFB83.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00353810 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--66875EB9--E5E7944079B8.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00296951 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--2D430664--EE1E67387DEE.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00177872 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--497CE82D--962B8C209ECD.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 09043690 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--80FCDCC6--15379852C6D8.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 08623627 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8D5ACE86--5EEA930EBAC5.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04373426 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--353008E6--A3A4ED90EEDA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04172693 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B15C0994--52B597901016.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01798329 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--84153FE5--5BDFE4E012FA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01578348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1E955960--7FFD366B5516.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01405762 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1ECB6F88--FF5B0F7B2C59.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01400156 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FA47FDE0--FF7C2E694589.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01298090 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--52F3871B--148414730D44.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01254210 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--CF2411FD--DA7DD13FFB16.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01182224 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--280F024F--9AE621864DE9.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01146780 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--2FBCC45A--5ECBF4000E96.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00575251 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D1AD2871--AEACCE67CBC7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00542165 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C912F4E0--A03AAA705425.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00420031 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4527B604--C8AA7B17F17E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00376783 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--492EE856--0E9EBF0F0482.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00341801 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--55B93532--96FEEDC8E872.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00331443 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--A4B04E44--1C53546520B3.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00327038 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--68F3A070--DE6ABBA895D4.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00322633 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04E7748D--40965F06C7EA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00246257 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--21500705--169346388EA0.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00143601 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C7F3D3C4--23D9BB2A5E6F.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00117474 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--4F24D05D--85A92D0F5DD7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00105459 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--255AAF14--5220241FC421.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FE19C4A7--819D6BE6DF86.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--958EB74C--28BB85530583.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00012816 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6F107895--DA13C0DC5328.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DF647321--17973BFB4372.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B79D8B73--7DF6C387D76E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31C144C7--709FF9167980.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--347AC254--D41761DBB110.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 08056634 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35D83685--9F405848E1DC.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 05325636 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--942B9237--8D3D6C0D01BA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848265 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E3B1C311--0CC2650C0A02.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848264 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31473CE8--CC738BBBA8CA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00777576 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04F5F495--4DB47017250E.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A9B80FBB--47C9BA760F23.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--63A6FEC3--592AB0170702.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00494283 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--354C0F22--6CAB2FE09158.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00483600 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6B84FB04--942CD40439FD.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00346341 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--213204F3--06B89D58A1CF.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00324030 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7702C78B--8CCD6F862170.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8C2D22C8--D856E9E17B45.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--46E053E1--7AE19CECE0D9.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00222237 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3DA45503--FD3B00CF7E25.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00215019 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--09E359A0--B68F0EE76339.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00125051 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--281F97D7--615AAB8F75B5.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B07C2A12--78E63110415D.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--639E9CCF--0B560B94E397.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0C490097--241557D592C7.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00008182 _____ C:\ProgramData\OSIRIS-a761.htm
2017-01-23 18:21 - 2017-01-23 18:21 - 00003592 _____ C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671364 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FB6A95E8--07FA92E86296.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671362 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A662DF21--ECE0E35B5B26.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00669737 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--396323E0--971D2F1DF23F.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00668258 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--30A92CFA--AFB48099F7A1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00634590 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--91A2F770--4D5715896E9E.osiris
2017-01-23 18:20 - 2017-01-23 1

Offline Ozzie

  • Full Member
  • ***
  • Posts: 55
    • View Profile
Re: File Type Question
« Reply #13 on: January 25, 2017, 04:40:11 PM »
Here is the Addition:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by nepta (administrator) on WIN-9VDBKK3EQVE (24-01-2017 14:27:19)
Running from C:\Users\nepta\Downloads
Loaded Profiles: nepta (Available Profiles: nepta)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [670992 2016-12-03] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\Run: [*yqxemyqtyq<*>] => "C:\Users\nepta\AppData\Local\f1076\0380a.bat" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\...\MountPoints2: {edf8497a-1cec-11e5-b697-d0df9ade1364} - "J:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\nepta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-10-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ff00289-07bc-4525-b980-f42fe61bf48b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b032e560-a487-42e4-87fd-5ee82da6afb3}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.charter.net/
HKU\S-1-5-21-3155403222-1004678540-3907824167-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> DefaultScope {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3155403222-1004678540-3907824167-1001 -> {DC97778D-7A6D-49A2-AD94-DB64E8FCFD01} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-22] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (YouTube) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-20]
CHR Extension: (Google Sheets) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\nepta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2015-08-27] (Broadcom Corporation.)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [785920 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
S3 DevicesFlowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [289280 2016-12-03] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [67584 2016-12-03] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [226304 2016-12-03] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\Windows.Graphics.Internal.Printing.Workflow.dll [164352 2016-12-03] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\Windows.Graphics.Internal.Printing.Workflow.dll [122880 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\system32\svchost.exe [41856 2016-12-03] (Microsoft Corporation)
R3 PrintWorkflowUserSvc_53d50; C:\WINDOWS\SysWOW64\svchost.exe [35128 2016-12-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-26] (Realtek Semiconductor)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [192272 2016-12-03] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1231360 2016-12-03] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3385120 2016-12-03] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [1177600 2016-12-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349632 2016-12-03] (Microsoft Corporation)
R2 WebUpdate4; C:\WINDOWS\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [547840 2016-12-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [97032 2016-12-03] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1270784 2016-12-03] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2015-08-27] (Broadcom Corporation.)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [225792 2016-12-03] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [266000 2016-12-03] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [45840 2016-12-03] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [104960 2016-12-03] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754936 2016-08-24] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [98304 2016-12-03] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2016-12-03] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [26896 2016-12-03] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-22] (Synaptics Incorporated)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [30480 2016-12-03] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [40768 2016-12-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [285968 2016-12-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117008 2016-12-03] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [206336 2016-12-03] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys B6B5715C00CDAF6EA8FCE10192C0DD60
C:\WINDOWS\System32\drivers\3ware.sys 875409FBC36CA23E29CB374297521777
C:\WINDOWS\System32\drivers\ACPI.sys 95336F4BCB3A656F12EE4416D52C3CE0
C:\WINDOWS\System32\drivers\AcpiDev.sys 3A632ABDB610D7A5F67D6BD9008DADD3
C:\WINDOWS\System32\Drivers\acpiex.sys D8BE8561D707673B733D9F4766E3824B
C:\WINDOWS\System32\drivers\acpipagr.sys D8913EDFFBFAF0A1F0167868059A23AB
C:\WINDOWS\System32\drivers\acpipmi.sys BB6E0D8E9A3CAE0BB3C2EF25F5FF1023
C:\WINDOWS\System32\drivers\acpitime.sys 97589768A7EC21C5774128B285C3F921
C:\WINDOWS\System32\drivers\ADP80XX.SYS 31530EEA17C1014C23C2E33E4292C3FF
C:\WINDOWS\system32\drivers\afd.sys 217DD7520639EF4AD4E15CDA0ECB4A3E
C:\WINDOWS\System32\DRIVERS\ahcache.sys 2776F121DFB81C3894331DF5093736D1
C:\WINDOWS\System32\drivers\amdk8.sys 22D6FDBBF1963C80534EAD13C9F3AE18
C:\WINDOWS\System32\drivers\amdppm.sys 9FC614D6962567A7E1950E136A388678
C:\WINDOWS\System32\drivers\amdsata.sys F2C0602DE431E8AD783F66CD9CEFB728
C:\WINDOWS\System32\drivers\amdsbs.sys 1556369EAEAF5E534CD67D445829925A
C:\WINDOWS\System32\drivers\amdxata.sys A6BAEFC3A4B4AED1F8130F27D4F5E370
C:\WINDOWS\System32\drivers\appid.sys 9A15CB990F7BAA046632DB21AFAA1BC4
C:\WINDOWS\System32\drivers\applockerfltr.sys C3D21A9CE7397931566A7781EB97E5F8
C:\WINDOWS\system32\drivers\AppvStrm.sys 4645CC07F4B2A034384E82CCDA905573
C:\WINDOWS\system32\drivers\AppvVemgr.sys E397604A8B0A5ED7D960C68E618817A4
C:\WINDOWS\system32\drivers\AppvVfs.sys 13D8FEC773D0D3234B5B2789030D6B75
C:\WINDOWS\System32\drivers\arcsas.sys 968443EAC4643519ADFA713B42ED414C
C:\WINDOWS\System32\drivers\asyncmac.sys C11B04E361FCE65D9730B25B4EA86E72
C:\WINDOWS\System32\drivers\atapi.sys BC39F6DF7FD82AD5E8FF5EFBC3882130
C:\WINDOWS\System32\drivers\bxvbda.sys BEC4B9C505737EAFF327CFB5CBD76048
C:\WINDOWS\System32\drivers\BasicDisplay.sys 718C5E816C288B9C426718B9D8A9C883
C:\WINDOWS\System32\drivers\BasicRender.sys 13B89D39D2EBDCC2EDF066BF0EABE2E9
C:\WINDOWS\system32\drivers\bcbtums.sys F8FE7E12F8151E0A17C23CF840599F9A
C:\WINDOWS\system32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 4635413B72423030CF6962DCFD078430
C:\WINDOWS\System32\DRIVERS\bowser.sys 9DFD75818DD3FDD3E989BADD749996B0
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 2536718E0B1D168BC1283032163A97B3
C:\WINDOWS\System32\drivers\BthEnum.sys DDEBAE05DC7AC00B47E8C9F19217AEAE
C:\WINDOWS\System32\drivers\bthhfenum.sys ED60A6ECD139BCEF3DD6170489FD5184
C:\WINDOWS\System32\drivers\BthHFHid.sys E39D84CC157AD271560E83C4C1F0B102
C:\WINDOWS\System32\drivers\bthmodem.sys 8C9492F148DFC92AD1683013CA52EB53
C:\WINDOWS\System32\drivers\bthpan.sys 4B097C3C8300C08875768E0D472AB3CB
C:\WINDOWS\system32\DRIVERS\BTHport.sys 437F5778BF1A0F14E56A4D9892B51950
C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 6351C549E5E41C8C6D77926AFA91EA4C
C:\WINDOWS\system32\DRIVERS\btwampfl.sys BC279FCEE9FC8CBF991D5DE539771AA9
C:\WINDOWS\System32\drivers\buttonconverter.sys 841C2C25A31E1ECCE8D7B808522A8CF6
C:\WINDOWS\System32\drivers\capimg.sys 1534B7D9B3B1459E6D0D7941FB47208B
C:\WINDOWS\System32\DRIVERS\cdfs.sys 00F971E30B396F9B5D93A56828D96917
C:\WINDOWS\System32\drivers\cdrom.sys 3326B6FDAD21619AB0FE860158D01D42
C:\WINDOWS\System32\drivers\cht4sx64.sys 6A4453CD310F86CC34E8F011E8C9D2FA
C:\WINDOWS\System32\drivers\cht4vx64.sys C4AE64F58E33B3F2093002F410388980
C:\WINDOWS\System32\drivers\circlass.sys E24A0C159528B3B0C49212F7971B5723
C:\WINDOWS\System32\drivers\cldflt.sys A8EBE359474FDF6ABBAF81BA62657042
C:\WINDOWS\System32\drivers\CLFS.sys DCF7D8A57B05656A833657E1D1755C30
C:\WINDOWS\System32\drivers\registry.sys 443B5094DEC7EC7FF40B6C326B26A312
C:\WINDOWS\System32\drivers\CmBatt.sys 14E734125C318DC506479E3A5C1BE0F5
C:\WINDOWS\System32\Drivers\cng.sys A6D7985026AE7D9F0B0097E4A3CF6768
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 06C1D9A26A9F3E02A513CFF40F719C50
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_f06bcc22f978b867\CompositeBus.sys 1DD6C63B2E0FC1A3E455FB529607CD64
C:\WINDOWS\System32\drivers\condrv.sys 023B6318EA32B936155DE481ABA24962
C:\WINDOWS\System32\drivers\csc.sys 46EA67C969153A3BB1BA3928EBEC0995
C:\WINDOWS\System32\drivers\dam.sys C4613B7DAA6FC3CFA7C490BEE247C157
C:\WINDOWS\System32\drivers\dc3d.sys A4700D1F78539C0ED32FA50E64F9C692
C:\WINDOWS\System32\Drivers\dfsc.sys BDBB66C12EF1BE875ACA3AFD4B2ECC72
C:\WINDOWS\System32\drivers\disk.sys 5B365E6526128C5E86DB99B10AB966B6
C:\WINDOWS\System32\drivers\dmvsc.sys 93700A6E954248CAFCF3CCA1C5749867
C:\WINDOWS\system32\DRIVERS\drmkaud.sys 7D6FF0451F078AB756A11509558BCE7C
C:\WINDOWS\System32\drivers\dxgkrnl.sys 549A202BCF0B53B2969EA856E055900C
C:\WINDOWS\System32\drivers\evbda.sys D940068F290A8121A07C8C24A1BB19F1
C:\WINDOWS\System32\drivers\EhStorClass.sys 6B404F92034152BA0B1DC9A55F0649E4
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 875505AD1ADF8EECA073CCABAAA1526C
C:\WINDOWS\System32\drivers\errdev.sys 4DBA7C262EED0B87AD67771B6DE1E03C
C:\WINDOWS\system32\drivers\mbae64.sys 4D7F3114147C31390262F19F74E5BF07
C:\Windows\System32\Drivers\exfat.sys F7F83B31733860E3E9E34F7C96D291D7
C:\Windows\System32\Drivers\fastfat.sys 1161C5EDFF4BF8A4319FC144172C458E
C:\WINDOWS\System32\drivers\fdc.sys B5F2F1F61B9A8534708F43954D526481
C:\WINDOWS\System32\drivers\filecrypt.sys B3CD1CFC649E1A3298FB8D99D464045D
C:\WINDOWS\System32\drivers\fileinfo.sys 0C75FC03C55CA6D26F6F027EFCC73769
C:\WINDOWS\System32\drivers\filetrace.sys 70EAC8A8C13E69EC5DF6B344B21EA24D
C:\WINDOWS\System32\drivers\flpydisk.sys 627A07E4CF086632BBB325588EDAC0AD
C:\WINDOWS\System32\drivers\fltmgr.sys AC56045957799AC1C8EB9CEC641D6147
C:\WINDOWS\System32\drivers\FsDepends.sys 6F73FE32863AA4F0B9222389D6A8E044
C:\Windows\System32\Drivers\Fs_Rec.sys 3EC807A07934C95077E62C6EA2A06636
C:\WINDOWS\System32\DRIVERS\fvevol.sys BF70A88CCF6DF97DDEFB375C56E8492D
C:\WINDOWS\System32\drivers\vmgencounter.sys B634E32D9894147B5E05DF781BA2EBAA
C:\WINDOWS\System32\drivers\genericusbfn.sys B836FCD5C45BB4B95EE5AF02A75FBDDD
C:\WINDOWS\System32\Drivers\msgpioclx.sys 0014F0AAAF2D666C569DC3AA2FF7DD45
C:\WINDOWS\System32\drivers\gpuenergydrv.sys B085C3B3256463356B1EFB2574173282
C:\WINDOWS\System32\drivers\HDAudBus.sys AD1082CB4FE6AE6D163FE6B92E6B4BC8
C:\WINDOWS\System32\drivers\HidBatt.sys E18BB39E08874EEC7D2B9E34FDA09FF6
C:\WINDOWS\System32\drivers\hidbth.sys FFFC6F090DA53EBD38A0CAC61B0F3FAC
C:\WINDOWS\System32\drivers\hidi2c.sys 8F4B64D8AE358A50B3B31F934ED6A241
C:\WINDOWS\System32\drivers\hidinterrupt.sys 809F0A23BBD32641012953DF5A1CE27A
C:\WINDOWS\System32\drivers\hidir.sys A78FDE4C933EA4C667BA5E42C2E8A1B1
C:\WINDOWS\System32\drivers\hidusb.sys 61C3E77887741C6800A2BB6BC4589909
C:\WINDOWS\System32\drivers\HpSAMD.sys FC822C522317C49CAF67013F2750F17B
C:\WINDOWS\System32\drivers\HTTP.sys B32F5042676694CF6E0411D501EC9B9D
C:\WINDOWS\System32\drivers\hvservice.sys A9F9A493C8C68EA94E607902B28A392D
C:\WINDOWS\System32\drivers\hwpolicy.sys 25DED6F0F6F13B7D97DD1390C7F22774
C:\WINDOWS\System32\drivers\hyperkbd.sys F861829049889EEA6EAFB02D1153732F
C:\WINDOWS\System32\drivers\i8042prt.sys 10E4EFB8E9EB9BC677582CE72FE7C826
C:\WINDOWS\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\WINDOWS\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 32FEF09BB643359B2DEEECF66F8708A7
C:\WINDOWS\System32\drivers\iaStorV.sys 914AA50F695598D85CD8256FD1AE960C
C:\WINDOWS\System32\drivers\ibbus.sys AF9B316F26E46D0830919CFCD2AB6FC3
C:\WINDOWS\System32\drivers\IndirectKmd.sys C18F478D8EA5BD8487250BCAC6C551B3
C:\WINDOWS\system32\drivers\RTKVHD64.sys 622868E4BAE8FBCD22CB1A5901A2C824
C:\WINDOWS\System32\drivers\intelide.sys A2705BE3B67CCFCF6D28DD5BAE57B5F8
C:\WINDOWS\System32\drivers\intelpep.sys 6F4517610E2889C578759DBDE9C44356
C:\WINDOWS\System32\drivers\intelppm.sys 16CFC91A9A0B11F1116FC72FC41E135A
C:\WINDOWS\System32\drivers\iorate.sys F1D847EFB9543A115911F19956B7BD3C
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 90B5AF4E960EE80F5CFEB43B5F8768E7
C:\WINDOWS\System32\drivers\IPMIDrv.sys 1E0B4530D1E44F4397B4BB1175D2CD70
C:\WINDOWS\System32\drivers\ipnat.sys 1C130E6E94B89DA57B35D20A36F5CC6B
C:\WINDOWS\system32\drivers\irda.sys DEB565D690F5D6F88F02CBCAE31A6E97
C:\WINDOWS\System32\drivers\irenum.sys 8A76A5A0AA00378BAE36A84C914B5BD7
C:\WINDOWS\System32\drivers\isapnp.sys 25F1B9685BB538F53E729882BA0F48B1
C:\WINDOWS\System32\drivers\msiscsi.sys 32E401731761379FC51BA90C7CF35FE3
C:\WINDOWS\System32\drivers\kbdclass.sys C87CEBC21AAB4BFD6B47097D5E94DE18
C:\WINDOWS\System32\drivers\kbdhid.sys AE7D99D84F1A1EB6E32D5BB7229F88C6
C:\WINDOWS\System32\drivers\kdnic.sys 8EA16E8BEC49D6C045C28838CFEE6279
C:\WINDOWS\System32\Drivers\ksecdd.sys BB10E8405232B48A8E9ED82159D7236C
C:\WINDOWS\System32\Drivers\ksecpkg.sys F35B5ADE0858AFC13EB92B09A0536AFC
C:\WINDOWS\system32\drivers\ksthunk.sys 0EB4F71957F4BFB33DE4DEC9453A4E3E
C:\WINDOWS\System32\drivers\lltdio.sys 01752F1B760656EBF1B0C4A80205098F
C:\WINDOWS\System32\drivers\lsi_sas.sys A79C806DF3DAE4A385E63D7DC27D7313
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 0E904AFB58B956D72DDD25FE48545CA2
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 04B6B6746EAD66521F021FA267A0D555
C:\WINDOWS\System32\drivers\lsi_sss.sys E08CD60062BEF59149CDBC579CC3B483
C:\WINDOWS\system32\drivers\luafv.sys 6265EAF9AE76D31C64CED58883EA021B
C:\WINDOWS\System32\drivers\mausbhost.sys B0EF5FCC4237E9FE485BE88257018C50
C:\WINDOWS\System32\drivers\mausbip.sys EBD6159C8F7D9AEC041F74851EF49A44
C:\WINDOWS\System32\drivers\megasas.sys 738A822D8ADC4FF1A2D8911AF08F59B2
C:\WINDOWS\System32\drivers\MegaSas2i.sys A886AA5C5CB14F23CA7ED0D3E497E369
C:\WINDOWS\System32\drivers\megasr.sys 67F7CE18F38F8CA31E7F6A42649ED4F8
C:\WINDOWS\System32\drivers\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\WINDOWS\System32\drivers\mlx4_bus.sys 9B3C67248229D35B2238B1B763A42EA4
C:\WINDOWS\system32\drivers\mmcss.sys 30FC7CA681F154F460BAE577C14F0DB2
C:\WINDOWS\System32\drivers\modem.sys BE1F753C48FC23B93BDABCCA320DE81E
C:\WINDOWS\System32\drivers\monitor.sys 3FC3EFE54A6C2C9F6D3FDD6539C4BB26
C:\WINDOWS\System32\drivers\mouclass.sys A400E64627BC1505EA2F2CDBFC86FAB3
C:\WINDOWS\System32\drivers\mouhid.sys AD5A4D65A968AEBCAAD05454F7BFE96A
C:\WINDOWS\System32\drivers\mountmgr.sys 05840C86A221C2A7E6755AB145366EB2
C:\WINDOWS\System32\drivers\mpsdrv.sys B5D78625FD7DBF065B0C5B1406DC0384
C:\WINDOWS\system32\drivers\mrxdav.sys B9919496D6DCFFAB2A77C929AD287613
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys B572A4275354104AFC02DAB009E5B4F6
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys B04B378637F655DA09F0E23B170D47A4
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 1ABDF9C902B027C2C2E6686FAE96173D
C:\WINDOWS\System32\drivers\bridge.sys 4FB1266788E8E08570655521791466C8
C:\Windows\System32\Drivers\Msfs.sys 0261F991B8FE3BE5864FC0C6BF27CC0C
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6D1E26845AC230E09CBB0B8409072509
C:\WINDOWS\System32\drivers\mshidkmdf.sys 7C095521AE1BD263FF8F2BCF81492C1B
C:\WINDOWS\System32\drivers\mshidumdf.sys A723C5C371495DEF4FBC2BB8826DBEF7
C:\WINDOWS\System32\drivers\msisadrv.sys D2C2193399B1CF395DE8DBC72AFD4762
C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys AF3B513D4AF183DC05DDE30E155AC9D1
C:\WINDOWS\System32\drivers\mslldp.sys 5D82D59B7CB42D5BB7CB90D4E26A37E4
C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 80940E4E2D69C5F2EC765FF096D27062
C:\WINDOWS\system32\DRIVERS\MSPQM.sys CD1EA1109A70F207EBF2FD2D03314DD9
C:\Windows\System32\Drivers\MsRPC.sys 7F049F7F19F8376FC36D76A64B41A017
C:\WINDOWS\System32\drivers\mssecflt.sys 203F2FB1B247D732B7106239C954E851
C:\WINDOWS\System32\drivers\mssmbios.sys D4922AA75C7022C38D113FD235384A4F
C:\WINDOWS\system32\DRIVERS\MSTEE.sys F79CA7DD2CD9C9D9B91C450F1C7321B2
C:\WINDOWS\System32\drivers\MTConfig.sys 5C5F6CA9C06981C8099F7B299E89CF32
C:\WINDOWS\System32\Drivers\mup.sys 7E1E28C38F1BA8F0C79C29A9E155A90A
C:\WINDOWS\System32\drivers\mvumis.sys 014979DF493D1371FC9AFC8012DC0545
C:\WINDOWS\System32\DRIVERS\nwifi.sys 531A48B861C8F999E9749F4DE0171841
C:\WINDOWS\System32\drivers\ndfltr.sys EAE693008ED94FBF5FE1A73220E9A8C8
C:\WINDOWS\System32\drivers\ndis.sys E03308F839E2753CE6494DFF3BAD500B
C:\WINDOWS\System32\drivers\ndiscap.sys 0DAE7E8D362CE0097CF40DA32283FDB9
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 5B6D6225F69BAA58C765CB65EEF43A1E
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 2EBB613CD5743A6A49236E823F4053AC
C:\WINDOWS\System32\drivers\ndisuio.sys 076A1A0A0F18D6D003BB79F32097412B
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 7AF21637D3C55524A4D8FE858D9194AA
C:\WINDOWS\System32\drivers\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\ndiswan.sys BB02978ADE135A9FA5C440577C186BFE
C:\WINDOWS\System32\DRIVERS\NDProxy.sys DD0DDA216AFE98F51BB0DCBF68B93063
C:\WINDOWS\System32\drivers\Ndu.sys 2BB247904B1A1A95F77D34E785BFBD49
C:\WINDOWS\System32\drivers\NetAdapterCx.sys 43B86F4F98DC6C6E942304FB360AC316
C:\WINDOWS\System32\drivers\netbios.sys 2E25D3C2E1F3FF75F489009988120CA2
C:\WINDOWS\System32\DRIVERS\netbt.sys 12641C55E0E7C5D2268A9826E362D818
C:\Windows\System32\Drivers\Npfs.sys 92FF25B3FCE4FB33DD4A3B797758E524
C:\WINDOWS\System32\drivers\npsvctrig.sys 1E114C1228585073A23FA11486ACE810
C:\WINDOWS\System32\drivers\nsiproxy.sys E043F6560A2C8C1D1FFD4B51670057F5
C:\Windows\System32\Drivers\NTFS.sys 012905E46BD1FAEDC5DA2DC24CC5865B
C:\Windows\System32\Drivers\Null.sys 08A773F4D6C0C8C1A6E1FD8BB4765BB1
C:\WINDOWS\system32\drivers\nvhda64v.sys 705386E3D1D814B974FFA4BE996C2B19
C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys CC2128714FAF80CBE743C2BE2FC8D5DF
C:\WINDOWS\System32\drivers\nvraid.sys 167F46E17590CF61A0BCE89DFFF360A7
C:\WINDOWS\System32\drivers\nvstor.sys 55E3079ACED5A68E845623A2776CDA02
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 60C9EC53F9CFBFBE38E9C79B88A6B19F
C:\WINDOWS\system32\drivers\nvvad64v.sys 35DFC12FD7E44B7CB8CCD7E5A2B3975A
C:\WINDOWS\System32\drivers\parport.sys 2925C723017C8445E8646678C28CFACE
C:\WINDOWS\System32\drivers\partmgr.sys 3E02EEB83F84896E38CC49E2E9588350
C:\WINDOWS\System32\drivers\pci.sys AD6F3A9765BD338CDB650A4BFE2B2CEA
C:\WINDOWS\System32\drivers\pciide.sys D9D3431CCD13BBD40B999EF1831FD665
C:\WINDOWS\System32\drivers\pcmcia.sys 2C7FF889F326AE2CF5010A3AB7D51CC7
C:\WINDOWS\System32\drivers\pcw.sys E2B6F68067142CA8CD72706278CD31CB
C:\WINDOWS\System32\drivers\pdc.sys 4F9E0A266C6CF21006979E4EB9D984EB
C:\WINDOWS\System32\drivers\peauth.sys 8512FBA31C6CFCD5BD27F4E7DD97E885
C:\WINDOWS\System32\drivers\percsas2i.sys FB21E4CE28062F467C763FA9DED65A1A
C:\WINDOWS\System32\drivers\percsas3i.sys F029FE8E9A4CF37AE4A88B6FDC40D7C5
C:\WINDOWS\System32\drivers\pmem.sys 928DB776F95A674E78ECDF73AA69C0F3
C:\WINDOWS\System32\drivers\raspptp.sys E499A4CDF79A43C7859071C2A019ABD9
C:\WINDOWS\System32\drivers\processr.sys 0698E158307B39E789B72F24761EE6BC
C:\WINDOWS\System32\drivers\pacer.sys 1558C63AA19AD27BB4A629A50E6D2608
C:\WINDOWS\system32\drivers\qwavedrv.sys 068B1CF6A6D3B8D056C88887AEC5B282
C:\WINDOWS\System32\DRIVERS\rasacd.sys 20640EE38085414F696581C8D7B365EB
C:\WINDOWS\System32\drivers\AgileVpn.sys 6BED76071338740585A37AF937340934
C:\WINDOWS\System32\drivers\rasl2tp.sys 8F077329CD1A4F6EAD50C9D9D5CD5034
C:\WINDOWS\System32\DRIVERS\raspppoe.sys CACE4D4673E9BA77F2C07E549F2189CB
C:\WINDOWS\System32\drivers\rassstp.sys 9498178B4481D1079D507A3385ED35B4
C:\WINDOWS\System32\DRIVERS\rdbss.sys C04C096DF6E45148C02FA30E1D68FF04
C:\WINDOWS\System32\drivers\rdpbus.sys 6DE67E8A3039E1B64D637B16D114EC95
C:\WINDOWS\System32\drivers\rdpdr.sys 62275196A6C88985F9AC6C107FDB01FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 1A3841ED296BB396C66C0A17E6D7DE8C
C:\WINDOWS\System32\drivers\rdyboost.sys 6F0382CEB29982B328F0E0FD7F996872
C:\Windows\System32\Drivers\ReFSv1.sys 599C3BDDF8477106F6E2F88B94C8B9A5
C:\WINDOWS\System32\drivers\rfcomm.sys E0B672E986F8550E3AC6C27510A3F6F6
C:\WINDOWS\System32\drivers\rspndr.sys 43B1CA9B33BDC2F1437F6ADD93516FC5
C:\WINDOWS\System32\drivers\rt640x64.sys AB7C0639DF052528C2CB06D0EAE115EC
C:\WINDOWS\System32\drivers\vms3cap.sys 4CC386DC5C3495BF837368A9D279D562
C:\WINDOWS\System32\drivers\sbp2port.sys E8490BF2C3E83FE8428F6FD5CF8360F1
C:\WINDOWS\System32\DRIVERS\scfilter.sys E280477F80D08A5835F3549DCF561490
C:\WINDOWS\System32\drivers\scmbus.sys 2F71968C12A7AFBEC62285BC9D6E3D55
C:\WINDOWS\System32\drivers\sdbus.sys 6A7433CE0071F0A171456613CBFD2817
C:\WINDOWS\System32\drivers\SDFRd.sys 26D76101B30E33DF3D2ED598776FD942
C:\WINDOWS\System32\drivers\sdstor.sys D8B200F1E1355088F160658261D8E72C
C:\WINDOWS\System32\drivers\SerCx.sys A6ABADF8AFECB9611A057EF53DE0AD8E
C:\WINDOWS\System32\drivers\SerCx2.sys 32F45508C994968075AD9A1B708B3A9C
C:\WINDOWS\System32\drivers\serenum.sys 8EAE634879262ABCA59C3EA6596CD240
C:\WINDOWS\System32\drivers\serial.sys 2B8B5CA027B4B338AD28AA34AD38F69F
C:\WINDOWS\System32\drivers\sermouse.sys 370344596044213E4FA42099B96BAD3B
C:\WINDOWS\System32\drivers\sfloppy.sys 96318788468672BFD67E75FD8C24FB79
C:\WINDOWS\System32\drivers\SiSRaid2.sys 7BC97CD775A4D1C6BB4EF5B657798690
C:\WINDOWS\System32\drivers\sisraid4.sys 8E49013D06FBEB7531B2922206D069F0
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys C584D941C2F915B27FAEE9B407744641
C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 8A6571231D93C08434A56E19E33A35CB
C:\WINDOWS\System32\drivers\spaceport.sys 58719C907CEFAA0BE2CFA1423A251FE9
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys 9D32663DDDDA8A8BD717ABFF89093F9A
C:\WINDOWS\System32\drivers\SpbCx.sys 06C9DFCC4E40FBBC0CE2B977BB1000DE
C:\WINDOWS\System32\DRIVERS\srv.sys C68D9F5492A01132B5CA53FE5062128E
C:\WINDOWS\System32\DRIVERS\srv2.sys 5595589455D9F3E4790021F51DB0893C
C:\WINDOWS\System32\DRIVERS\srvnet.sys E77E4A6B29A897A39F97CCBDF81EB700
C:\WINDOWS\System32\drivers\stexstor.sys A132FD7C7339648CF4429EA79BE8346B
C:\WINDOWS\system32\DRIVERS\serscan.sys 57119780A42B5E364065310E94522D2D
C:\WINDOWS\System32\drivers\storahci.sys 2179E507BAF874D7221F1C869A10DE33
C:\WINDOWS\System32\drivers\vmstorfl.sys EB4996D50E108AB4B9F74D14B13205DB
C:\WINDOWS\System32\drivers\stornvme.sys 9EAE58FB4026EC686620D73AC25ED4A1
C:\WINDOWS\System32\drivers\storqosflt.sys 448D59AE6060D1F799738C4E06522243
C:\WINDOWS\System32\drivers\storufs.sys B33FFB7BC1834724CF16C1B27B413ED7
C:\WINDOWS\System32\drivers\storvsc.sys 5F4715C5159296DCE43D6196DBBFDBA7
C:\WINDOWS\System32\drivers\swenum.sys C4B244287121CB158BD674ECCB45F8F5
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 42BB0E1CFE497D09F5758F4FC900573C
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpip.sys 4D9D24AB87B8119CDBED2A12B2A0F095
C:\WINDOWS\System32\drivers\tcpipreg.sys 1ADEB608E059B37280C7D17F4F09DA37
C:\WINDOWS\system32\DRIVERS\tdx.sys D508F0FE80E6F59D022B426C60795E49
C:\WINDOWS\System32\drivers\terminpt.sys 0DE58AE90E69A196A7571B875A2AB8DE
C:\WINDOWS\System32\drivers\tpm.sys 8E5712E9D65316D999772EB13415C20F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8DDEA98ACA8E03F71F666466FA17A81A
C:\WINDOWS\System32\drivers\TsUsbGD.sys B99F97056B726D8A9F582020E27861CF
C:\WINDOWS\System32\drivers\tsusbhub.sys 310CC5A9E6FDDD268D6C677B89AAFC2B
C:\WINDOWS\System32\drivers\tunnel.sys 30EC43B7776AF44BB1AFC6BE112EF089
C:\WINDOWS\System32\drivers\uaspstor.sys 0954B446EA35655C9727A8113ADAA1AD
C:\WINDOWS\System32\Drivers\UcmCx.sys 3DBDBFE349B5B577218825C3F52D8168
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 752A47B3F73FA656D11669CCD606D158
C:\WINDOWS\System32\drivers\UcmUcsi.sys AE31318FA016E346EE987BBBDEFA7B57
C:\WINDOWS\System32\drivers\ucx01000.sys 6D6D06DB7D994CCE6DDD968FD1532EFA
C:\WINDOWS\System32\drivers\udecx.sys 9DBCA53B2C2F94DC2C9A806752433923
C:\WINDOWS\System32\DRIVERS\udfs.sys 74F73DE6E9D1EB5AD11E053F2B3FA18B
C:\WINDOWS\System32\drivers\UEFI.sys 7C9B307F84B41692044EFECB5467EF96
C:\WINDOWS\system32\drivers\UevAgentDriver.sys EB2867BF0CBCFE2D74BC0FC70A1606C5
C:\WINDOWS\System32\drivers\ufx01000.sys E6FCBE7C9BD4A0FB2F692F1919D4B8C9
C:\WINDOWS\System32\drivers\UfxChipidea.sys A6A16F7A5AFCEE786460843D536A9F54
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 2719170C42543484884180F832930557
C:\WINDOWS\System32\drivers\umbus.sys 7CB8B57B6523B9065E9DCFA25D83C8CB
C:\WINDOWS\System32\drivers\umpass.sys DAD50661FBF85D0CE3BFE6B89196D4E2
C:\WINDOWS\System32\drivers\urschipidea.sys 45360850AC69499211FD75ADAD91AB1C
C:\WINDOWS\System32\drivers\urscx01000.sys 0125761BEE90D1D6D55A215EDC6E445A
C:\WINDOWS\System32\drivers\urssynopsys.sys EB66E8CFEFBE5D1289CC550CCC01DCD6
C:\WINDOWS\System32\Drivers\usbaapl64.sys F957092C63CD71D85903CA0D8370F473
C:\WINDOWS\System32\drivers\usbccgp.sys EDB6BA8FEB162B6C5CCE093202473A14
C:\WINDOWS\System32\drivers\usbcir.sys 9B29694B23A00B3F4F57A43BA6505DF8
C:\WINDOWS\System32\drivers\usbehci.sys 7B4FE03651D611CD60489F95D8432524
C:\WINDOWS\System32\drivers\usbhub.sys E073593D0D3B28FEC2B4D38FD9ED5435
C:\WINDOWS\System32\drivers\UsbHub3.sys 9467B95BA82906B8DCA3B056AEE611AA
C:\WINDOWS\System32\drivers\usbohci.sys 6F57F59FAF195FF0EF02C26055AA3E29
C:\WINDOWS\System32\drivers\usbprint.sys A11654FDD04C9411884AFE7D90984921
C:\WINDOWS\System32\drivers\usbser.sys 790CF59C26CAF066C116CE3EB599F77D
C:\WINDOWS\System32\drivers\USBSTOR.SYS F6D95B2B2390ED2081657094740B488D
C:\WINDOWS\System32\drivers\usbuhci.sys 591202AC0B9A95061FC8D5F3E7804758
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9FC9564AE9D24E01F97EFF2FCD52955E
C:\WINDOWS\System32\drivers\vdrvroot.sys 5AB1EBA528554BF6F30E0BB008239B33
C:\WINDOWS\System32\drivers\VerifierExt.sys DBD18035920A8D1E627F889D23E5AD1D
C:\WINDOWS\System32\drivers\vhdmp.sys A36FA9AA3F7E101DB606E73E030FBF7F
C:\WINDOWS\System32\drivers\vhf.sys CA25A82C98DE77B5E49586910F324288
C:\WINDOWS\System32\drivers\vmbus.sys 0C623C4965DC2DF4CC91A037CE5D73EF
C:\WINDOWS\System32\drivers\VMBusHID.sys F9B1D0146C9033D941FB65C9C040CE85
C:\WINDOWS\System32\drivers\vmgid.sys 50C1B4D7B7CE6E8F28E8A5AD931CAC94
C:\WINDOWS\System32\drivers\volmgr.sys 8CC96218A69A62C3B31BE2057B2F41F3
C:\WINDOWS\System32\drivers\volmgrx.sys 49918D35612CCD1C231AED13BEE085DA
C:\WINDOWS\System32\drivers\volsnap.sys D4940069222A8933334E93EEB54DD7C0
C:\WINDOWS\System32\drivers\volume.sys E37562651E0F51E7ECBB89CA4BA21920
C:\WINDOWS\System32\drivers\vpci.sys 55182CDC6521EEC067E675EB43578DE0
C:\WINDOWS\System32\drivers\vsmraid.sys 0F0D4AEFB0AF6657A5FA2794DCB7C058
C:\WINDOWS\System32\drivers\vstxraid.sys CD9097571AF259A21FCB618259F94EB5
C:\WINDOWS\System32\drivers\vwifibus.sys D2C7ADB2D659265C0D96DCED5C89825B
C:\WINDOWS\System32\drivers\vwififlt.sys B8861050E4BB7F448D94AD2F0A6C6833
C:\WINDOWS\System32\drivers\vwifimp.sys ED92C45E0E91BF4F2FCB6F3524404837
C:\WINDOWS\System32\drivers\wacompen.sys F603604F23B6871042238ACDDAD6F6CE
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\System32\DRIVERS\wanarp.sys 41FEFED24ECEB5FDC1B0767AC98582F6
C:\WINDOWS\system32\drivers\wcifs.sys 14704C95C2B8A5F7EDA9248FD373D509
C:\WINDOWS\system32\drivers\wcnfs.sys 1E2369802053928A0691FEA7EAA53D9E
C:\WINDOWS\System32\drivers\WdBoot.sys 9A1277BABCE45257F71306D6EBF8BB5F
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 128C8DA9796B4E5E662BEA89A50265A0
C:\WINDOWS\System32\drivers\WdFilter.sys 5AACBDEF1A0766DC785300E2D7339E49
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys AE9C1C222016EF8C80A517F08F4FCFEE
C:\WINDOWS\System32\Drivers\WdNisDrv.sys D913F8FD2D4733257F118A1CC0A97A08
C:\WINDOWS\System32\drivers\wfplwfs.sys 9A306B5FA7CBCD427016AC1807B18CEC
C:\WINDOWS\System32\drivers\wimmount.sys 7690DBB9D8D63792A27661F96B91D287
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys A9B63B5B4C5FE7E85BEC9D6180D2A50D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 7231CBFBBE0F45B8E1D35AE35153DE8E
C:\WINDOWS\System32\drivers\winmad.sys 8098CCE470A942277025E3430EB88B5A
C:\WINDOWS\System32\drivers\winnat.sys 8E80F260BF9F6945815369BBDE0C33DE
C:\WINDOWS\System32\drivers\WinUSB.SYS 2835728D4043921C6DC61E4682803D88
C:\WINDOWS\System32\drivers\winverbs.sys 323B9485CFECAA618AB29D1508E06A22
C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys 3A627A24EAC6CEC3BA59548AA70BAD6E
C:\WINDOWS\System32\drivers\wmiacpi.sys A4597AC92C7355438D612131C2A80A0B
C:\Windows\System32\Drivers\Wof.sys C954CEBD4729419AF33234FC6C982844
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 0013228FB25DBBA6F08DB07D85D71F4C
C:\WINDOWS\system32\drivers\ws2ifsl.sys 573F0549359CB8874F7CB114C8E8C8C9
C:\WINDOWS\System32\drivers\WSDPrint.sys 15A6F04D9FC17804A79BD17BE0EC2A0E
C:\WINDOWS\system32\DRIVERS\WSDScan.sys F778D436DC6D43AE0CFE8C8E1A147E31
C:\WINDOWS\System32\drivers\WudfPf.sys E02FA22B6FF182F8F38A0954A163313F
C:\WINDOWS\System32\drivers\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 95B0B2CDC99D6CC345132196A2746F1F
C:\WINDOWS\System32\drivers\xboxgip.sys 06417C1742A8087175BF15D74BD7BB33
C:\WINDOWS\System32\drivers\xinputhid.sys E70800BE5C59FB0B6B6797BB3066A27B

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 14:05 - 2017-01-24 14:05 - 00899072 _____ C:\Users\nepta\Downloads\RGSA (1).exe
2017-01-24 14:02 - 2017-01-24 14:02 - 00899072 _____ C:\Users\nepta\Downloads\RGSA.exe
2017-01-24 12:06 - 2017-01-24 12:06 - 15309536 _____ C:\Users\nepta\Downloads\Shortcut.txt
2017-01-24 12:04 - 2017-01-24 12:05 - 00000000 ____D C:\Users\nepta\Desktop\Computer Safety
2017-01-24 11:51 - 2017-01-24 12:18 - 00036096 _____ C:\Users\nepta\Downloads\Addition.txt
2017-01-24 11:49 - 2017-01-24 14:27 - 00046031 _____ C:\Users\nepta\Downloads\FRST.txt
2017-01-24 11:48 - 2017-01-24 14:27 - 00000000 ____D C:\FRST
2017-01-24 11:48 - 2017-01-24 11:48 - 02420736 _____ (Farbar) C:\Users\nepta\Downloads\FRST64.exe
2017-01-24 11:46 - 2017-01-24 11:46 - 00000677 _____ C:\Users\nepta\Documents\JRT.txt
2017-01-24 11:43 - 2017-01-24 11:43 - 01663040 _____ (Malwarebytes) C:\Users\nepta\Downloads\JRT.exe
2017-01-24 11:35 - 2017-01-24 11:35 - 00002804 _____ C:\Users\nepta\Documents\AdwCleaner[C0].txt
2017-01-24 11:28 - 2017-01-24 11:28 - 03988944 _____ C:\Users\nepta\Downloads\adwcleaner_6.042.exe
2017-01-24 10:44 - 2017-01-24 10:44 - 00002199 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2017-01-24 10:43 - 2017-01-24 10:43 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-23 18:42 - 2017-01-23 18:42 - 00262980 _____ C:\Users\Default\346FD420--07CA--C4B7--E85FD803--727890ACE0A1.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00193119 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--CF90E303--65ED10CF88FB.osiris
2017-01-23 18:42 - 2017-01-23 18:42 - 00008182 _____ C:\Users\Default\OSIRIS-3301.htm
2017-01-23 18:39 - 2017-01-23 18:39 - 29959946 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--BE26AA4B--CF25A2172F96.osiris
2017-01-23 18:39 - 2017-01-23 18:39 - 25213821 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2B70DB5F--4A70C7AB15DA.osiris
2017-01-23 18:38 - 2017-01-23 18:38 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AA21D825--B842BA2D897D.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 46018057 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6E4AB255--08D69A25B053.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 41374933 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DFCC9C66--25198C9FFA5C.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FBD668B4--B751D4DAF8DD.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 28953558 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--70B87FDD--C33F5092EB06.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 25095206 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--82D3F454--210A65AAB9AB.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 23980926 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56FC4376--79BD00769549.osiris
2017-01-23 18:37 - 2017-01-23 18:37 - 07536366 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2FBF91BD--CCAA1C513BF3.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 41582785 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9C2A7755--E502C80F6584.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 30744728 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8056258D--A1DE2E690211.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 27298594 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--264D8F57--73AB38580C98.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B8B612EB--35E1302E7A3C.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 09990619 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5608A18B--DF337B9460EF.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 02460209 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--2F652B9A--25B605136306.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--EE970CC1--C4692A85C1A2.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D1A7A2E0--565F4C3D1CB4.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6DB08FBA--C0E08A171383.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01958945 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3A355786--9BE8644D1A31.osiris
2017-01-23 18:36 - 2017-01-23 18:36 - 01579410 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--9ABC5C68--665F17091DA5.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 15128434 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--F7291DEC--5E34A385E7A8.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00988737 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--E9D448CF--210F03092E36.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00469638 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--163230B8--D8CA59F41122.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00445405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--56B7F313--89362D541756.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00044856 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--69A7E0E0--23E844A48EBA.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007406 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D8A6E0E8--61AE7785B475.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00007405 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B34CDB5D--8884AD5718CB.osiris
2017-01-23 18:35 - 2017-01-23 18:35 - 00000858 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--899D6694--EACAB78BEEC1.osiris
2017-01-23 18:33 - 2017-01-23 18:33 - 02520029 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--673FD8FF--12D57944DD6B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00086254 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--D0FF1078--BD81D0ED6955.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00058504 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--793B4CB0--4AB32B7C2E94.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00053537 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--87C2A923--043B1F1AAD10.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--92B20262--7E76A3E4D302.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00039681 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8E5A826F--1F4F7E86E8C3.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00032444 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8BA056DD--34CFA7DE9309.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A5151F4F--B7D5B4BDECCB.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030384 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--40E6D0A5--68B5DDE2D087.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--C4D0B96F--B83B9F7AEB80.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00030379 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35A3F77E--FF2FCA20930F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00024279 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--41435011--A543D335277F.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00015570 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0902712C--CF3A3457598B.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00012207 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--5BA43B3D--262E7202CD73.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00001949 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--4C3F846F--CFC8C858A588.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--AB57ADDA--F04D3A3FD3FE.osiris
2017-01-23 18:29 - 2017-01-23 18:29 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A0170279--EB8749F5C833.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 03166721 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--DFEF78F6--5E980E2C90C1.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01943890 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--5B5297EC--95A2C297DE7E.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 01498406 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--B180C704--4A1F6ADE2E3D.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00546681 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--94A3ADEC--2BD0819A41B7.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00526190 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--71DADE63--DC4EFFB80D71.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00362360 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--8BE6B147--FF24103CFB83.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00353810 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--66875EB9--E5E7944079B8.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00296951 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--2D430664--EE1E67387DEE.osiris
2017-01-23 18:27 - 2017-01-23 18:27 - 00177872 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--497CE82D--962B8C209ECD.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 09043690 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--80FCDCC6--15379852C6D8.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 08623627 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8D5ACE86--5EEA930EBAC5.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04373426 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--353008E6--A3A4ED90EEDA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 04172693 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B15C0994--52B597901016.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01798329 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--84153FE5--5BDFE4E012FA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01578348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1E955960--7FFD366B5516.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01405762 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--1ECB6F88--FF5B0F7B2C59.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01400156 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FA47FDE0--FF7C2E694589.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01298090 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--52F3871B--148414730D44.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01254210 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--CF2411FD--DA7DD13FFB16.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01182224 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--280F024F--9AE621864DE9.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 01146780 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--2FBCC45A--5ECBF4000E96.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00575251 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--D1AD2871--AEACCE67CBC7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00542165 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C912F4E0--A03AAA705425.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00420031 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--4527B604--C8AA7B17F17E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00376783 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--492EE856--0E9EBF0F0482.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00341801 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--55B93532--96FEEDC8E872.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00331443 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--A4B04E44--1C53546520B3.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00327038 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--68F3A070--DE6ABBA895D4.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00322633 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04E7748D--40965F06C7EA.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00246257 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--21500705--169346388EA0.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00143601 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--C7F3D3C4--23D9BB2A5E6F.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00117474 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--4F24D05D--85A92D0F5DD7.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00105459 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--255AAF14--5220241FC421.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FE19C4A7--819D6BE6DF86.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00040341 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--958EB74C--28BB85530583.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00012816 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6F107895--DA13C0DC5328.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--DF647321--17973BFB4372.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B79D8B73--7DF6C387D76E.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00011496 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31C144C7--709FF9167980.osiris
2017-01-23 18:22 - 2017-01-23 18:22 - 00000836 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--347AC254--D41761DBB110.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 08056634 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--35D83685--9F405848E1DC.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 05325636 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--942B9237--8D3D6C0D01BA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848265 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--E3B1C311--0CC2650C0A02.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00848264 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--31473CE8--CC738BBBA8CA.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00777576 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--04F5F495--4DB47017250E.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A9B80FBB--47C9BA760F23.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00707871 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--63A6FEC3--592AB0170702.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00494283 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--354C0F22--6CAB2FE09158.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00483600 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--6B84FB04--942CD40439FD.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00346341 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--213204F3--06B89D58A1CF.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00324030 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--7702C78B--8CCD6F862170.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--8C2D22C8--D856E9E17B45.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00279818 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--46E053E1--7AE19CECE0D9.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00222237 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--3DA45503--FD3B00CF7E25.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00215019 _____ C:\Users\nepta\Desktop\346FD420--07CA--C4B7--09E359A0--B68F0EE76339.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00125051 _____ C:\Users\nepta\Documents\346FD420--07CA--C4B7--281F97D7--615AAB8F75B5.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--B07C2A12--78E63110415D.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--639E9CCF--0B560B94E397.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00065348 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--0C490097--241557D592C7.osiris
2017-01-23 18:21 - 2017-01-23 18:21 - 00008182 _____ C:\ProgramData\OSIRIS-a761.htm
2017-01-23 18:21 - 2017-01-23 18:21 - 00003592 _____ C:\ProgramData\346FD420--07CA--C4B7--4928A8E6--FA91EDB292F1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671364 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--FB6A95E8--07FA92E86296.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00671362 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--A662DF21--ECE0E35B5B26.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00669737 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--396323E0--971D2F1DF23F.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00668258 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--30A92CFA--AFB48099F7A1.osiris
2017-01-23 18:20 - 2017-01-23 18:20 - 00634590 _____ C:\Users\nepta\Downloads\346FD420--07CA--C4B7--91A2F770--4D5715896E9E.osiris
2017-01-23 18:20 - 2017-01-2

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19326
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: File Type Question
« Reply #14 on: January 25, 2017, 07:46:02 PM »
It appears that FRST doesn't recognize difference between Windows Insider builds as it shows I'm also running Windows 10 Pro Insider Preview Version 1607 even though I have the latest build installed.

Anyway, both of the logs posted are FRST.txt and, due to forum software restrictions got cut off.  Please re-open FRST.txt and copy paste from the last line posted to the end and paste as a reply.  To locate it, it would be easiest to search for 4D5715896E9E.osiris.  Then, open the Addition.txt and in a second reply, paste the contents here.

Thank you.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.