Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Possible Rootkit

This is a discussion on Possible Rootkit within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, guys! I might have a problem here. I've been trying to fix it since last night, but haven't had


 
 
Thread Tools Search this Thread
Old 06-25-2018, 11:28 AM   #1
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



Hi, guys! I might have a problem here. I've been trying to fix it since last night, but haven't had any luck. My issue is probably a little complex, because it could be a little "old", but I'll try to explain everything.

1. 1-2 months ago I had a problem with my Windows. It started to freeze to a horrible level. Just so you have an idea, I took like 8 hours just to turn it off. I decided to format it, and it wouldn't let me go back to the last image, so I ended up formatting it to the moment when I bought it. This problem with getting back to the last image might be important soon enough.

2. Last night I was on one of my neurotic moments and decided to "profoundly scan" my notebook with my avg. It found a rootkit (Or so it says) on my windows.old folder. It's a hidden file. I can't even open this specific folder where the rootkit is. Just in case you need it, the path to it is: C:\Windows.old\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8830.7600.0_x64__8wekyb3d8bbwe\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OFFREL.DLL

3. Here's the catch: Months ago, I seemed to have had a OS and/or HD problem. I couldn't even go back to my last image. And now, the way I see it, the problem seems to be either a true rootkit problem, or a OS/HD problem still. I actually don't know. My area is not security, and I still don't have a lot of experience with development (Which is my area) as well, so I'm kinda of at a loss here.

4. What I did try was to scan in everyway with avg (It's never able to do anything with the file), I tried to delete the windows.old folder with the cleanmgr thing (The folder doesn't even show up - It doesn't matter if I open the tool as an administrator or open normally and then ask for it to show old windows files), I tried to run the OTL tool (It doesn't do anything. I think I tried twice), I tried to take control of the folder with cmd and then delete it (I manage to get partial control of it, or so the cmd says, but then I can't delete it, because it says the folders inside it are not empty - Which is odd, because the folder size is 0 when I check it). In short: Nothing is working.

5. Guys, I feel like I should tell you this. I tried to use the DDS as the rules tell me to, but it has a compatibility issue. Basically the link on the rules thread isn't that of a DDS for my version. So I'd be thankful if you guys could direct me to a DDS download link, so I can search for my version there. I searched a lot here in the forums, but couldn't find it. As soon as I can get it running on my notebook, I'll post the texts generated by it.

I thank you already!
hiei_jagan is offline  
Sponsored Links
Advertisement
 
Old 06-25-2018, 12:06 PM   #2
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,824
OS: Windows 7 Professional SP1

My System


Hi, and welcome to TSF.

Please try to download from this page; https://www.bleepingcomputer.com/download/dds/

If that still doesn't work, stand by and I'm sure one of our analysts will be along soon.
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 06-25-2018, 12:21 PM   #3
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



Thank you so much for answering!
I'm having the same issue with the DDS. My Windows is 8.1 and DDS is for other 3 versions
Could you recommend me another tool?
hiei_jagan is offline  
Sponsored Links
Advertisement
 
Old 06-25-2018, 12:44 PM   #4
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,824
OS: Windows 7 Professional SP1

My System


I could but only trained analysts are allowed to post that kind of advice, I was just trying to help you post your logs.

Be advised that this part of the forum is usually very busy so some patience will be required but someone will be along to assist you when they can.

If you have no response within 72 hours, you may reply to your own thread with 'Bump please', this will result in your thread moving to the top of the forum making it more visible.

Good luck.
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 06-25-2018, 12:53 PM   #5
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



Once again: Thank you so much!
I'm gonna wait for someone else to answer me. Thank you for the advice and support, man! You're great!
hiei_jagan is offline  
Old 06-25-2018, 09:22 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Quote:
And now, the way I see it, the problem seems to be either a true rootkit problem, or a OS/HD problem still
As Windows.old involves a previous install, it won't affect your current install. So it appears you have an OS/HD problem.

It is doubtful you have a rootkit. Again, even if there was one there, it wouldn't affect your current install.

Did you try all the methods here for deleting that folder?

https://www.eightforums.com/threads/...indows-8.2527/

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-26-2018, 01:04 PM   #7
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



Hi! I've tried the windows.old folder tips, but couldn't get anywhere. The first two options won't work, and the last one doesn't give me a drive letter for the windows.old folder (Actually, only one gets a letter, the C one. Around 3-4 get no letter at all). Not only that, but the folder has a size of 0, so I couldn't really find out what drive letter is set to it, even if there was one.

Regarding the files, I noticed a huge chunk of them is in Portuguese (Which is my native language). I didn't notice if the tools gave me the options to change them. I'll copy/paste/attach them here anyway, but if you want me try it again in English (If there is an option), or want me to translate anything, let me know.

AdwCleaner[C00].txt

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-25.3
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-26-2018
# Duration: 00:00:04
# OS: Windows 8.1 Single Language
# Cleaned: 2
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Ask Brasil

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1347 octets] - [26/06/2018 16:36:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

--------------------------------------------------------------------------

FRST.txt

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20.06.2018
Executado por Neto (administrador) em NETO-NOTEBOOK (26-06-2018 16:43:24)
Executando a partir de C:\Users\Neto\Desktop
Perfis Carregados: Neto (Perfis Disponíveis: Neto & Administrator)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
(Intel Corporation) C:\WINDOWS\Temp\DPTF\esif_assist.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Validity Sensors, Inc.) C:\WINDOWS\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2878728 2014-09-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3090592 2012-06-03] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-06-24] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1587885285-1548320126-1433991152-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-1587885285-1548320126-1433991152-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Neto\Desktop\dds.scr

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{BA161F6E-841D-4807-91F0-F7F74E765FBE}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{C63D6CD5-68EA-4F14-BD83-62EAE4E7F62B}: [DhcpNameServer] 10.42.0.251 10.42.0.252

Internet Explorer:
==================
HKU\S-1-5-21-1587885285-1548320126-1433991152-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1587885285-1548320126-1433991152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1587885285-1548320126-1433991152-1001 -> DefaultScope {1A97A260-E490-46FF-9D0A-6DCA7CDFC63F} URL =
SearchScopes: HKU\S-1-5-21-1587885285-1548320126-1433991152-1001 -> {1A97A260-E490-46FF-9D0A-6DCA7CDFC63F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-16] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-16] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-06-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-25] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default [2018-06-26]
CHR Extension: (Slides) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-25]
CHR Extension: (Docs) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-25]
CHR Extension: (Google Drive) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-25]
CHR Extension: (YouTube) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-25]
CHR Extension: (Easy AdBlock) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\enlmiihbdlkpihokdgndjhahhkfmfcga [2018-06-10]
CHR Extension: (Sheets) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-25]
CHR Extension: (Google Docs Offline) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-25]
CHR Extension: (AVG SafePrice) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-25]
CHR Extension: (Gmail) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Neto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-06-24] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7829784 2018-06-24] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [75120 2015-01-22] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [190840 2014-11-13] (Dell Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-08-07] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-13] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328296 2014-10-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-10-24] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-07-17] (Validity Sensors, Inc.) [Arquivo não assinado]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-05-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-10-24] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189544 2018-06-24] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [222288 2018-06-24] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [194224 2018-06-24] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [339048 2018-06-24] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51952 2018-06-24] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-06-24] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [152016 2018-06-24] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [104256 2018-06-24] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78352 2018-06-24] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-06-24] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [455464 2018-06-24] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [203544 2018-06-24] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-06-24] (AVG Technologies CZ, s.r.o.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-08-07] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [215848 2014-08-07] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [219592 2014-08-13] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw04.sys [3557896 2017-10-29] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35320 2015-05-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258368 2015-05-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2015-05-29] (Microsoft Corporation)
U3 McMPFSvc; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-06-26 16:43 - 2018-06-26 16:44 - 000017833 _____ C:\Users\Neto\Desktop\FRST.txt
2018-06-26 16:43 - 2018-06-26 16:43 - 000000000 ____D C:\FRST
2018-06-26 16:37 - 2018-06-26 16:37 - 000003082 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2018-06-26 16:35 - 2018-06-26 16:37 - 000000000 ____D C:\AdwCleaner
2018-06-26 16:34 - 2018-06-26 16:35 - 002412544 _____ (Farbar) C:\Users\Neto\Desktop\FRST64.exe
2018-06-26 16:33 - 2018-06-26 16:34 - 007372496 _____ (Malwarebytes) C:\Users\Neto\Desktop\AdwCleaner.exe
2018-06-26 03:51 - 2018-06-26 04:22 - 000000000 ____D C:\Users\Neto\Downloads\Marvels.Luke.Cage.S02E01.XviD-AFG
2018-06-26 03:51 - 2018-06-26 03:51 - 000009670 _____ C:\Users\Neto\Downloads\Marvels.Luke.Cage.S02E01.XviD-AFG.torrent
2018-06-25 17:52 - 2018-06-25 17:52 - 000005156 _____ C:\Users\Neto\Downloads\WhatsApp Image 2018-04-19 at 20.53.11.jpeg
2018-06-25 13:59 - 2018-06-25 14:07 - 000551778 _____ C:\WINDOWS\ntbtlog.txt
2018-06-25 01:17 - 2018-06-25 14:41 - 000000430 _____ C:\Users\Neto\Desktop\Caminho Rootkit.txt
2018-06-24 19:52 - 2018-06-24 19:52 - 000379120 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-06-24 19:42 - 2018-06-24 20:23 - 000000000 ____D C:\WINDOWS\AutoKMS
2018-06-24 19:40 - 2018-06-24 19:40 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2018-06-24 15:57 - 2018-06-24 16:22 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E08.XviD-AFG
2018-06-24 04:13 - 2018-06-24 15:57 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E07.XviD-AFG
2018-06-24 03:51 - 2018-06-24 04:12 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E06.XviD-AFG
2018-06-24 03:01 - 2018-06-24 03:22 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E05.XviD-AFG
2018-06-24 02:22 - 2018-06-24 02:30 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E04.XviD-AFG
2018-06-24 01:49 - 2018-06-24 01:57 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E03.XviD-AFG
2018-06-24 01:15 - 2018-06-24 01:26 - 000000000 ____D C:\Users\Neto\Downloads\The.End.Of.The.*******.World.S01E02.XviD-AFG
2018-06-24 00:57 - 2018-06-24 01:02 - 000000000 ____D C:\Users\Neto\Downloads\The.End.of.the.*******.World.S01E01.HDTV.x264-PLUTONiUM
2018-06-24 00:35 - 2018-06-24 00:43 - 000000000 ____D C:\Users\Neto\Downloads\The.End.of.the.*******.World.S01E01.XviD-AFG
2018-06-19 01:49 - 2018-06-19 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitnami
2018-06-19 01:19 - 2018-06-19 01:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2018-06-19 01:16 - 2018-06-19 06:27 - 000000000 ____D C:\xampp
2018-06-18 23:54 - 2018-06-18 23:54 - 000000000 ____D C:\Users\Neto\Documents\Modelos Personalizados do Office
2018-06-17 10:49 - 2018-06-17 10:49 - 000000000 ____D C:\Users\Neto\Documents\PCSX2
2018-06-17 10:33 - 2015-08-22 10:42 - 000901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:42 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-06-17 10:33 - 2015-08-22 10:35 - 000012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2018-06-17 10:26 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2018-06-17 10:26 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2018-06-17 10:26 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2018-06-17 10:26 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2018-06-17 10:26 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-06-17 10:26 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2018-06-17 10:26 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2018-06-17 10:26 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2018-06-17 10:26 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2018-06-17 10:26 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2018-06-17 10:26 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2018-06-17 10:26 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2018-06-17 10:26 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-06-17 10:26 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-06-17 10:26 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-06-17 10:26 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-06-17 10:26 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-06-17 10:26 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-06-17 10:26 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-06-17 10:26 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-06-17 10:26 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-06-17 10:26 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-06-17 10:26 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-06-17 10:26 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-06-17 10:26 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-06-17 10:26 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-06-17 10:26 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-06-17 10:26 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-06-17 10:26 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-06-17 10:26 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-06-17 10:26 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-06-17 10:26 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-06-17 10:26 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-06-17 10:26 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-06-17 10:26 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-06-17 10:26 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-06-17 10:26 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-06-17 10:26 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-06-17 10:26 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-06-17 10:26 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-06-17 10:26 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-06-17 10:26 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-06-17 10:26 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-06-17 10:26 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-06-17 10:26 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-06-17 10:26 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-06-17 10:26 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-06-17 10:26 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-06-17 10:26 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-06-17 10:26 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-06-17 10:26 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-06-17 10:26 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-06-17 10:26 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-06-17 10:26 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-06-17 10:26 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-06-17 10:26 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-06-17 10:26 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-06-17 10:26 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-06-17 10:26 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-06-17 10:26 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-06-17 10:26 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-06-17 10:26 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-06-17 10:26 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-06-17 10:26 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-06-17 10:26 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-06-17 10:26 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-06-17 10:26 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-06-17 10:26 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-06-17 10:26 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-06-17 10:26 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-06-17 10:26 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-06-17 10:26 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-06-17 10:26 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-06-17 10:26 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-06-17 10:26 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-06-17 10:26 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-06-17 10:26 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-06-17 10:26 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2018-06-17 10:26 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2018-06-17 10:26 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-06-17 10:26 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-06-17 10:26 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-06-17 10:26 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-06-17 10:26 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-06-17 10:26 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-06-17 10:26 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-06-17 10:26 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-06-17 10:26 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-06-17 10:26 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-06-17 10:26 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-06-17 10:26 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-06-17 10:26 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-06-17 10:26 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-06-17 10:26 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-06-17 10:26 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-06-17 10:26 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-06-17 10:26 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-06-17 10:26 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-06-17 10:26 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-06-17 10:26 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-06-17 10:26 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-06-17 10:26 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-06-17 10:26 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-06-17 10:26 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-06-17 10:26 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-06-17 10:26 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-06-17 10:26 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-06-17 10:26 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-06-17 10:26 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-06-17 10:26 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-06-17 10:26 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-06-17 10:26 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-06-17 10:26 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-06-17 10:12 - 2018-06-17 10:26 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-06-17 10:12 - 2018-06-17 10:26 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-06-17 10:08 - 2018-06-17 10:27 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2018-06-17 10:08 - 2018-06-17 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2018-06-16 20:27 - 2018-06-16 20:27 - 000003188 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1587885285-1548320126-1433991152-1001
2018-06-16 20:27 - 2018-06-16 20:27 - 000003180 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-06-16 20:27 - 2018-06-16 20:27 - 000002307 _____ C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-16 20:27 - 2018-06-16 20:27 - 000002254 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-16 20:27 - 2018-06-16 20:27 - 000002254 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-16 20:27 - 2018-06-16 20:27 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2018-06-16 20:26 - 2018-06-16 20:26 - 000000000 ____D C:\Users\Neto\AppData\Roaming\Skype
2018-06-16 20:26 - 2018-06-16 20:26 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-16 20:25 - 2018-06-16 20:25 - 000002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-06-16 20:25 - 2018-06-16 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office
2018-06-16 19:34 - 2018-06-16 19:34 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-06-11 22:36 - 2018-06-11 22:41 - 000000000 ____D C:\Users\Neto\AppData\Local\Ubisoft Game Launcher
2018-06-11 22:36 - 2018-06-11 22:36 - 000000000 ____D C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-06-11 22:36 - 2018-06-11 22:36 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-06-09 12:48 - 2018-06-09 15:33 - 000000000 ____D C:\Users\Neto\Downloads\Sense8.S02E12.XviD-AFG
2018-06-09 08:35 - 2018-06-09 09:39 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E22.XviD-AFG
2018-06-09 07:39 - 2018-06-09 08:35 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E21.XviD-AFG
2018-06-09 06:05 - 2018-06-09 06:51 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E20.XviD-AFG
2018-06-09 05:00 - 2018-06-09 05:46 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E19.XviD-AFG
2018-06-09 04:44 - 2018-06-09 05:01 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E18.XviD-AFG
2018-06-09 03:11 - 2018-06-09 03:54 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E17.PROPER.XviD-AFG
2018-06-08 16:57 - 2018-06-09 02:24 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E16.XviD-AFG
2018-06-08 15:31 - 2018-06-08 16:09 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E15.XviD-AFG
2018-06-08 14:30 - 2018-06-08 14:44 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E14.XviD-AFG
2018-06-08 12:40 - 2018-06-08 13:44 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E13.XviD-AFG
2018-06-08 12:27 - 2018-06-08 12:39 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E12.XviD-AFG
2018-06-08 08:44 - 2018-06-08 09:35 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E11.XviD-AFG
2018-06-08 07:39 - 2018-06-08 08:50 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E10.XviD-AFG
2018-06-08 06:01 - 2018-06-08 06:56 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E09.XviD-AFG
2018-06-08 05:15 - 2018-06-08 06:00 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E08.XviD-AFG
2018-06-08 04:16 - 2018-06-08 05:15 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E07.XviD-AFG
2018-06-07 14:08 - 2018-06-07 18:50 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E06.XviD-AFG
2018-06-07 13:52 - 2018-06-07 18:02 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E05.XviD-AFG
2018-06-07 13:39 - 2018-06-07 17:08 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E04.XviD-AFG
2018-06-07 13:31 - 2018-06-07 16:20 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E03.XviD-AFG
2018-06-07 13:23 - 2018-06-07 15:22 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E02.XviD-AFG
2018-06-07 13:08 - 2018-06-07 14:27 - 000000000 ____D C:\Users\Neto\Downloads\Gotham.S04E01.XviD-AFG
2018-06-03 07:54 - 2018-06-05 00:13 - 000000000 ____D C:\Users\Neto\Downloads\Now.You.See.Me.2.2016.BDRip.XviD.AC3-EVO
2018-05-31 19:37 - 2018-05-31 19:41 - 000000042 _____ C:\WINDOWS\system32\kms.txt
2018-05-31 07:24 - 2018-05-31 22:25 - 000000000 ____D C:\Users\Neto\Downloads\A.Dark.Song.2016.BRRip.XviD.AC3-EVO
2018-05-29 19:44 - 2018-05-29 19:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-05-29 19:44 - 2018-05-29 19:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-05-29 19:44 - 2018-05-29 19:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-05-29 19:44 - 2018-05-29 19:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-05-29 19:33 - 2018-05-29 19:33 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-05-29 19:33 - 2018-05-29 19:33 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-05-29 19:33 - 2018-05-29 19:33 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-05-29 19:33 - 2018-05-29 19:33 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-05-28 03:14 - 2018-05-28 03:14 - 000000000 ____D C:\Users\Neto\AppData\Roaming\WinRAR
2018-05-28 03:13 - 2018-05-28 03:14 - 000000000 ____D C:\Users\Neto\Documents\Games
2018-05-27 20:36 - 2018-05-27 20:36 - 000000000 ____D C:\Users\Neto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-27 20:36 - 2018-05-27 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-05-27 20:36 - 2018-05-27 20:36 - 000000000 ____D C:\Program Files\WinRAR
2018-05-27 19:15 - 2018-05-27 19:15 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-05-27 19:15 - 2018-05-27 19:15 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-05-27 18:52 - 2018-05-27 19:10 - 157357808 _____ (Dell Inc.) C:\Users\Neto\Downloads\Intel-3160-7260-3165-7265-Wi-Fi-Driver_5TJF1_WIN_20.10.1.1190_A00.EXE

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-06-26 16:43 - 2018-05-25 21:54 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1587885285-1548320126-1433991152-1001
2018-06-26 16:39 - 2018-05-26 19:06 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-26 16:38 - 2015-05-29 00:53 - 000000000 ____D C:\ProgramData\McAfee
2018-06-26 16:38 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-26 15:53 - 2018-05-25 23:51 - 000004162 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-06-26 05:20 - 2018-05-26 16:18 - 000000000 ____D C:\Users\Neto\AppData\Roaming\qBittorrent
2018-06-25 23:57 - 2018-05-25 21:43 - 000000000 ____D C:\Users\Neto\AppData\Local\Packages
2018-06-25 21:30 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-25 18:56 - 2018-05-25 22:55 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 18:14 - 2018-05-25 23:02 - 000000000 ____D C:\Users\Neto\Documents\Important Files
2018-06-25 14:49 - 2013-08-22 12:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-25 14:49 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-25 13:45 - 2013-08-22 10:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-06-24 21:47 - 2014-11-21 23:43 - 001800588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-24 21:47 - 2014-11-21 22:52 - 000777374 _____ C:\WINDOWS\system32\prfh0416.dat
2018-06-24 21:47 - 2014-11-21 22:52 - 000159450 _____ C:\WINDOWS\system32\prfc0416.dat
2018-06-24 19:52 - 2018-05-25 23:51 - 001020112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000455464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000373944 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000203544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000189544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000152016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000104256 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000078352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-06-24 19:52 - 2018-05-25 23:51 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-06-24 19:51 - 2018-05-25 23:51 - 000339048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-06-24 19:51 - 2018-05-25 23:51 - 000222288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-06-24 19:51 - 2018-05-25 23:51 - 000194224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-06-24 19:51 - 2018-05-25 23:51 - 000051952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-06-23 04:02 - 2018-05-25 21:41 - 000000000 ____D C:\Users\Neto
2018-06-22 18:35 - 2018-05-26 16:44 - 000000000 ____D C:\Users\Neto\AppData\Roaming\BSplayer
2018-06-21 03:51 - 2015-05-29 00:31 - 000000000 ____D C:\Users\Administrator
2018-06-19 01:11 - 2013-08-22 11:44 - 000476304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-17 10:33 - 2013-08-22 12:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-17 10:10 - 2015-05-29 00:33 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-16 20:26 - 2015-05-29 00:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-16 20:26 - 2013-08-22 12:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-16 19:34 - 2013-08-22 12:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-07 08:56 - 2018-05-26 00:45 - 000004554 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-07 08:56 - 2018-05-26 00:45 - 000004396 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-07 08:56 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 08:56 - 2013-08-22 12:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-01 10:31 - 2018-05-25 21:42 - 000000000 ____D C:\Users\Neto\AppData\Local\NVIDIA Corporation
2018-06-01 10:31 - 2018-05-25 21:42 - 000000000 ____D C:\Users\Neto\AppData\Local\NVIDIA
2018-05-31 18:38 - 2015-05-29 00:48 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-05-31 18:38 - 2015-05-29 00:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 18:35 - 2018-05-25 21:50 - 000000000 ____D C:\ProgramData\softthinks
2018-05-30 17:35 - 2018-05-25 22:02 - 000000136 _____ C:\WINDOWS\ODBC.INI
2018-05-27 19:15 - 2015-05-29 00:33 - 000000000 ____D C:\ProgramData\Intel
2018-05-27 19:15 - 2015-05-29 00:33 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-27 19:13 - 2015-05-29 00:33 - 000000000 ____D C:\Program Files\Intel
2018-05-27 19:11 - 2015-05-29 05:03 - 000000000 ____D C:\ProgramData\Dell

Alguns arquivos em TEMP:
====================
2018-06-25 14:47 - 2014-08-08 19:26 - 000851136 _____ (McAfee, Inc.) C:\Users\Neto\AppData\Local\Temp\0322981529948863mcinst.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2015-05-29 00:21

==================== Fim de FRST.txt ============================
Attached Files
File Type: txt Addition.txt (28.8 KB, 15 views)
hiei_jagan is offline  
Old 06-26-2018, 10:33 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You recently downloaded software that bypasses activation of illegal copies of MS Windows, Office, or both.

It appears you are running a pirated copy of MS Office, correct?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-27-2018, 01:17 AM   #9
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



No no. This is a trial version of MS Office. I can use it for a month for free.

PS: I just remembered something. Before I had to format my notebook, I mentioned to one of my friends I didn't have a MS Office on my notebook because I didn't have the money to buy a license, and he recommended me to download a free package (Not pirate; actually free) of one of these Office-like things. It's called WPS.
It has a huge load of ads, which made me uninstall it at some point.

I didn't think the ads could have viruses. But now that I think about it... Maybe that's where I got the rootkit?
hiei_jagan is offline  
Old 06-27-2018, 01:53 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Please go to: VirusTotal
  • Click the Upload and scan file button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\windows\autokms\autokms.exe

  • Click Open
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-27-2018, 02:31 PM   #11
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



It says the file doesn't exist, so it does nothing. I went to the folder and it is indeed empty. What is this autokms thing?
hiei_jagan is offline  
Old 06-27-2018, 04:04 PM   #12
Registered Member
 
Join Date: Jun 2018
Posts: 7
OS:



I've just done a research and it seems this file is connected to pirated Windows. I don't know why this folder is in my OS. My OS is original, my Office is original (Trial, but original). I've never used a pirated version of Office, which is precisely the reason why I went after the WPS to begin with. See those downloaded series and movies? They're all on Netflix. My family has an account/subscription, my internet is horrible, and I prefer downloading things there are on Netflix (Since what I'm watching won't stop running every minute), the same way roms can be downloaded when you own their physical copy.
But it does seem like you are taking me as a bad person, which, as you might understand, is not something I'm very comfortable with.

Either way, I sincerely thank you for the information about the rootkit being inactive. I really wanted, above all, to have the windows.old folder deleted, because even though it shows its size is 0, it's obviously not. It's eating away my HD capacity, because I can't delete it. AND it has a rootkit in it, inactive or not. But I understand you being suspicious.

I'm closing this thread. You did help me with the rootkit. I can keep trying deleting the windows.old folder on my own.

Once again: Thank you, Chemist. I'm sorry if I said something rude; it really isn't my intention.
hiei_jagan is offline  
Old 06-28-2018, 04:59 AM   #13
Team Manager - Hardware
Acting Manager, Security Center
 
Rich-M's Avatar
 
Join Date: May 2007
Location: NE Pennsylvania
Posts: 14,471
OS: Windows 10 Professional

My System


I am not a big believer in CCleaner and always suggest no one use Reg Cleaner in it but have used it to get rid of stubborn "Old Windows" folders:
https://www.windows10forums.com/thre...ndows-old.204/
I am sure no offense taken as to piracy hiei, we have to ask and point out as forum rules forbid working with those but we also assume nothing in doing so.
__________________


All PC's are not the same. Posting your PC specs will help us to assist you quicker and more effectively.
Rich-M is offline  
 

Tags
rootkit

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
I think I have a rootkit
Hello Techs. There is something wrong with my computer. It doesn't boot with a usb connection plugged in such as storage device etc. etc. It only goes to error page where I have 30 seconds or whatever to select how I would like to boot windows and which operating system etc. It will do this until I...
delaney14 Virus/Trojan/Spyware Help 14 04-24-2011 09:03 AM
Need help w mbr rootkit
Hi thanks for any help in advance- I think there is a mbr rootkit virus on my computer that is being detected by avast antivirus and after 3 attempts to delete it and boot-time scans, it is still show warnings that there is a rootkit on my system. Also, I keep getting a windows error saying "Host...
mb394 Resolved HJT Threads 12 03-23-2011 06:37 PM
Can't see the C & D drive in disk management! Please help.
Disk manager can't locate C & D drive, only DVD/CD drive. Win Explorer shows both drives are OK. I think it is possibly infected with a virus as i also encountered a few Blue Screen of Deaths (BSOD). I wanted to do a full reformat, but could not do so as i can't locate my C & D drives. The...
seanfoo2005 Resolved HJT Threads 33 03-21-2011 05:16 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 06:59 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts