Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Toshiba Satellite laptop (Windows 10) acting slow/can't update antivirus

Started by Zyrus Campbell , Mar 25 2018 07:46 PM

Please log in to reply

18 replies to this topic

#1 Zyrus Campbell

Member

Full Member
35 posts

Posted 25 March 2018 - 07:46 PM

I have Malwarebytes installed but it won't allow me to update and therefore, won't run the scan, so I'm not able to include the log in this post. I installed Farbar RST and Security Analysis and also ran the ESET Online Scanner to get logs (see below). I hope these help. I used to use Spybot S&D as well, but it encountered the same problem that Malwarebytes was having with not being able to update. I followed instructions that I found online for checking the application's settings in Run > Services but it wouldn't let me change the status for either application. So, I'm kinda stuck. My laptop is getting increasingly slower and I'm at my wits end with how to fix it. What can I do? Any help would be greatly appreciated. I am posting the logs (that I'm able to create at the moment) below. Please let me know if you need anything else.

=============================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018

Ran by zC (administrator) on ZC (25-03-2018 20:47:02)

Running from C:\Users\zC\Desktop\Antivirus

Loaded Profiles: zC (Available Profiles: zC)

Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\rtrxuilsvc.exe

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

() C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe

(M-Audio) C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe

(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(SweetLabs, Inc) C:\Users\zC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe

() C:\Users\zC\AppData\Local\wimnpel\wimnpel.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\zC\AppData\Local\igfxmtc\igfxmtc.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Farbar) C:\Users\zC\Desktop\Antivirus\Farbar Recovery Scan Tool (64x).exe

() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-26] (AVAST Software)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029936 2017-09-20] (Sony Corporation)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [Chromium] => c:\users\zc\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]

ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-02]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]

ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

Startup: C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landreth.lnk [2017-12-25]

ShortcutTarget: landreth.lnk -> C:\Program Files (x86)\Preoccupied\regulative.exe (No File)

Startup: C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landrethlandreth.lnk [2017-12-25]

ShortcutTarget: landrethlandreth.lnk -> C:\Program Files (x86)\horizontally\befalling.exe (No File)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{71c9f17f-f4f6-4294-b8bd-9eb426a210d6}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{e17d7c90-3b4a-4079-92ca-f447b5538c53}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131262938001611494&GUID=CDA14719-8E3F-41DE-AA9D-1D7961424823

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131262938001640164&GUID=CDA14719-8E3F-41DE-AA9D-1D7961424823

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2

SearchScopes: HKLM -> DefaultScope {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1

SearchScopes: HKLM -> {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1

SearchScopes: HKU\S-1-5-21-3369261439-609741471-2718208431-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =

Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File

Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File

FireFox:

========

FF DefaultProfile: gpb5czdw.default

FF ProfilePath: C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default [2018-03-21]

FF Homepage: Mozilla\Firefox\Profiles\gpb5czdw.default -> about:tabs

FF NewTab: Mozilla\Firefox\Profiles\gpb5czdw.default -> about:newtab

FF Session Restore: Mozilla\Firefox\Profiles\gpb5czdw.default -> is enabled.

FF Extension: (Avast SafePrice) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\sp@avast.com.xpi [2018-02-26]

FF Extension: (Avast Online Security) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\wrc@avast.com.xpi [2018-02-26]

FF Extension: (ColorZilla) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]

FF Extension: (MeasureIt) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-12-07] [Legacy]

FF Plugin: @Citrix.com/npagee64,version=10.1.122.11 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2013-11-26] (Citrix Systems, Inc.)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @Citrix.com/npagee,version=10.1.122.11 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2013-11-26] (Citrix Systems, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\zC\AppData\Roaming\mozilla\plugins\npagee.dll [2013-11-26] (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\zC\AppData\Roaming\mozilla\plugins\npagee64.dll [2013-11-26] (Citrix Systems, Inc.)

Chrome:

=======

CHR DefaultProfile: Default

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]

CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]

CHR Extension: (Simple Pool Game) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo [2016-04-06]

CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2017-12-25]

CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-01-29]

CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2016-04-06]

CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]

CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]

CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]

CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2016-12-23]

CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2017-12-25]

CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2016-10-13]

CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2016-04-06]

CHR Extension: (Client for Google Analytics™) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eambnehgniboinbhhcncaggoedccddnp [2017-12-25]

CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-09]

CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]

CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2017-12-25]

CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]

CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-03-20]

CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-12-25]

CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2017-12-25]

CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-06]

CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2017-12-25]

CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-03-21]

CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2017-12-25]

CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2017-12-25]

CHR Extension: (Cisco WebEx Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-15]

CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2016-04-06]

CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-03-06]

CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2017-12-25]

CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-02-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]

CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]

CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]

CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-21]

CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-21]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\wbskr <==== ATTENTION (Rootkit!)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9302688 2018-02-17] (Emsisoft Ltd)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-09-18] (Broadcom Corporation.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)

R2 FastTrackProAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe [1688296 2015-06-10] (M-Audio)

S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.690\McCHSvc.exe [405400 2018-02-19] (McAfee, Inc.)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498096 2017-09-20] (Sony Corporation)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)

S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)

R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)

R2 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]

R2 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)

R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2018-02-27] (Broadcom Corporation.)

S3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11761928 2018-02-27] (Broadcom Corp)

R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11761928 2018-02-27] (Broadcom Corp)

R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [124552 2016-11-23] (Emsisoft Ltd)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()

S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-08-31] (LogMeIn Inc.)

R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-26] (REALiX™)

S4 jpfo; C:\WINDOWS\System32\drivers\xtos.sys [79064 2017-12-26] (Malwarebytes)

R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-26] (Malwarebytes)

R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-26] (Malwarebytes)

S1 MpKsl11e31cfa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA9B35C6-0ACE-4053-90DF-CD01E0FDF25F}\MpKsl11e31cfa.sys [58120 2017-12-08] () [File not signed]

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )

R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [42088 2018-02-27] (Synaptics Incorporated)

R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [52976 2017-08-29] ()

R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)

S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]

S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]

S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]

R3 udiskMgr; system32\drivers\qtwzdg.sys [X] <==== ATTENTION

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E

C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD

C:\WINDOWS\System32\drivers\ACPI.sys 91A59E1A94F1A267FA9F8F6FC9AA9497

C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35

C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83

C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE

C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E

C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C

C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5

C:\WINDOWS\system32\drivers\afd.sys 6FB5A2026B16D596DEABF550E7A4BD82

C:\WINDOWS\System32\DRIVERS\ahcache.sys 56166D110D3ECFFC595E5FA02D9BA491

C:\WINDOWS\System32\drivers\AmdAS4.sys 53ED9B999459E8045A3063EBEB62FA28

C:\WINDOWS\System32\drivers\amdk8.sys 62619E31AFF88F906A7E793AC4A9FF51

C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys E8495D3C92EC6ED5A6613A870A85B79D

C:\WINDOWS\system32\DRIVERS\atikmdag.sys 095E567C365426097832AE9F7DF94464

C:\WINDOWS\system32\DRIVERS\atikmpag.sys 4666CE88F17EF3891EA8A1CED794731D

C:\WINDOWS\System32\drivers\amdkmpfd.sys A7820769AF79FF16DBF52133C00FEA80

C:\WINDOWS\System32\drivers\amdppm.sys 735142DD039BEB35632765C41FC6E397

C:\WINDOWS\System32\DRIVERS\amdpsp.sys BC394B09B3B83C46966A26B52832F7D9

C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30

C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2

C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954

C:\WINDOWS\System32\drivers\amd_sata.sys 25A9E15B317AFA4C98E54D987E5545C0

C:\WINDOWS\System32\drivers\amd_xata.sys A114AE7DCE3640AC860EC191246DDB08

C:\WINDOWS\System32\drivers\appid.sys 3692C75C47285D388C886D162F54C430

C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0

C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74

C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367

C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86

C:\WINDOWS\system32\drivers\AtihdWT6.sys D1A54E20877DBE8F5772FD249B0A6F2C

C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB

C:\WINDOWS\System32\drivers\bam.sys 0565247091903FA6C148EF3A9A7F4D9A

C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE

C:\WINDOWS\System32\drivers\BasicRender.sys 2E1EE0F10FAF1250D1AC05BFB0E6BD3D

C:\WINDOWS\system32\drivers\bcbtums.sys AB1F87CBB209BE855FDC93DF2C97D2AC

C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys A0C6FAF828D8962FF9D8187E05C07BE0

C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7

C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys A0C6FAF828D8962FF9D8187E05C07BE0

C:\Windows\System32\Drivers\Beep.sys EDDAA3A563E7EB71C991FE91249C7D81

C:\WINDOWS\System32\DRIVERS\bowser.sys D030A1203680D66716F4E74053468627

C:\WINDOWS\system32\drivers\BthA2DP.sys 8A99FD5859DF5B147256B1BF46A97A9E

C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A

C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F

C:\WINDOWS\system32\DRIVERS\BthHfAud.sys F0801BA7335BF5C8BBD33ECF1C8DA352

C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA

C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C

C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661

C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835

C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464

C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847

C:\WINDOWS\system32\DRIVERS\BTHport.sys D970480A59C314CC344118D7B185D7E6

C:\WINDOWS\system32\DRIVERS\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737

C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B

C:\WINDOWS\system32\DRIVERS\btwampfl.sys 241EF920E603F5153F0CB6CB697CA2B4

C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901

C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B

C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA

C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF

C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7

C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58

C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308

C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80

C:\WINDOWS\System32\drivers\cldflt.sys CC8F32D22A8616F3A38FE43B23611CC5

C:\WINDOWS\System32\drivers\CLFS.sys 59D46CE57A49353A733D162DBA65A4FA

C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B

C:\WINDOWS\System32\Drivers\cng.sys 58EF380A20B212FF5E0E337A2F36EBF7

C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D

C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508

C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE

C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100

C:\WINDOWS\System32\Drivers\dfsc.sys 9910E9CFF5ECDCB225F82E72CE9DE459

C:\WINDOWS\System32\drivers\disk.sys 811173C821171BB910219E53C7FD97AD

C:\WINDOWS\System32\drivers\dmvsc.sys 569FE16775E15A49DC904DE20BF8CAA0

C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389

C:\WINDOWS\System32\drivers\dxgkrnl.sys 0DF6B436F579E1DD23C8EBD61EE749E8

C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97

C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91

C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837

C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 9A47AC3DFCF81D30922CDAAF1C2D579F

C:\Program Files\Emsisoft Anti-Malware\epp.sys 0E840AA66CAB02CBA9730C772BBE305B

C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F

C:\WINDOWS\system32\drivers\mbae64.sys 680AF1647150CF9B061FF40E71C7396A

C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65

C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1

C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8

C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908

C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602

C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6

C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712

C:\WINDOWS\System32\drivers\fltmgr.sys 8F0A9F3BEBEE86A88BC82B222488B2FD

C:\WINDOWS\System32\drivers\FsDepends.sys FB55F4ACC55261B25B3FF1B5BF87F10A

C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8

C:\WINDOWS\System32\DRIVERS\fvevol.sys 11C39CA2326F1F1DBEC11C7A3D26A6A4

C:\WINDOWS\System32\drivers\FwLnk.sys 3409348B2C139768E639021A6CF167AC

C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B

C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681

C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317

C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB

C:\WINDOWS\System32\drivers\Hamdrv.sys 7F79205B4EFA98F0767309479C8C01C6

C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2

C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02

C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161

C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A

C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986

C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF

C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF

C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8

C:\WINDOWS\System32\drivers\HTTP.sys 82C0A5B7D21442D063FFAFD0B6AAC086

C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA

C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS EF558A02D734A1403583E95CCEEC2487

C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52

C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE

C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E

C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993

C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18

C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7

C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0

C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005

C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607

C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39

C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100

C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F

C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7

C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F

C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E

C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506

C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5

C:\WINDOWS\system32\drivers\RTKVHD64.sys 3481B5AE505F374A91F241ACE953B24C

C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA

C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE

C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2

C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E

C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E

C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4

C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B

C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70

C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A

C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53

C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765

C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1

C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC

C:\WINDOWS\System32\drivers\xtos.sys 8C17F3795DAE9A0ECDE4B3A3B0740E5F

C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1

C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89

C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D

C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E

C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E

C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37

C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006

C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F

C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD

C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D

C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F

C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64

C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15

C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9

C:\WINDOWS\System32\Drivers\MbamChameleon.sys 5C3083CDE45F25797F6B4310BF916394

C:\WINDOWS\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221

C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396

C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E

C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF

C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE

C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA

C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B

C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A

C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00

C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E

C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60

C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA9B35C6-0ACE-4053-90DF-CD01E0FDF25F}\MpKsl11e31cfa.sys FD4BC5A31AE7C81B7D34BB8A78371B6D

C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066

C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC

C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814

C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4

C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024

C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333

C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F

C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF

C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB

C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B

C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421

C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487

C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258

C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A

C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1

C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C

C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D

C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34

C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9

C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB

C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E

C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D

C:\WINDOWS\System32\drivers\ndis.sys 44071DC1A957B2062E0C2EE14E05A607

C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF

C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065

C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4

C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292

C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5

C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426

C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426

C:\WINDOWS\System32\DRIVERS\NDProxy.sys AC908EF74DB5BC1DC7FB2BF0205D4FF1

C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552

C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596

C:\WINDOWS\System32\drivers\netbios.sys AAC1622CA213F7DA660A04FD51B730C3

C:\WINDOWS\System32\DRIVERS\netbt.sys 401C17200AA0433D94EA61695F111DC3

C:\WINDOWS\System32\drivers\netvsc.sys 19A981EC09C5C78A063FFF2E1E71CD28

C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132

C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D

C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4

C:\Windows\System32\Drivers\NTFS.sys 70750B27A72427B0ACAE2D6CD161946A

C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2

C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1

C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5

C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117

C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB

C:\WINDOWS\System32\drivers\partmgr.sys BD93CDE9A332C00BCB0836483271781F

C:\WINDOWS\System32\drivers\pci.sys FC0D7D7ADACA8A3746D31F9C710F9E2B

C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156

C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298

C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD

C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894

C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17

C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF

C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4

C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1

C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86

C:\WINDOWS\System32\drivers\raspptp.sys C6010D36B68FB534D1B1245978C9921D

C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB

C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F

C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A

C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A

C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A

C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F

C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4

C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5

C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8

C:\WINDOWS\System32\DRIVERS\rdbss.sys 0945839C334DAAD62EB528F8A5C7F946

C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD

C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF

C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE

C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587

C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499

C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6

C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318

C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB

C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys 4AEF2CC20371CC7965C460EB0CC5DEF5

C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A

C:\WINDOWS\System32\drivers\rt640x64.sys 78983CC6A1C29B75324B22BA0087E60B

C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8

C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D

C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE

C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7

C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34

C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0

C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79

C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5

C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412

C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC

C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD

C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F

C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1

C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF

C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5

C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys DDACBE2EFD5143E24EE59B0F460F25BA

C:\WINDOWS\System32\drivers\spaceport.sys 215836D9719355A2C378300BDE31FB83

C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917

C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A

C:\WINDOWS\System32\DRIVERS\srv2.sys C7DAAB9C4A77B3C3C38A7CB6158E82ED

C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487

C:\WINDOWS\system32\DRIVERS\stdriverx64.sys 4F3BFCC627EE6617D286EF5B4B235576

C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156

C:\WINDOWS\system32\DRIVERS\serscan.sys 0690CE515A295BD101415C7E411C43F3

C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9

C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207

C:\WINDOWS\System32\drivers\stornvme.sys DA0097E6C70EA25F6020CC97C7828F70

C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115

C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67

C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75

C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0

C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95

C:\WINDOWS\system32\DRIVERS\SynTP.sys D47B1A895DD6DAAE11DFD7A961E8E26C

C:\WINDOWS\System32\drivers\tcpip.sys 420A2A36A7E04D137DB35126C0C451A3

C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E

C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039

C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A

C:\WINDOWS\System32\drivers\Thotkey.sys 3D4F13D1A7687095F507D323B91CB279

C:\WINDOWS\System32\drivers\tosrfec.sys A371045B9685DE327BDF5088AA0F5842

C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F

C:\WINDOWS\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C

C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B

C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46

C:\WINDOWS\System32\drivers\TVALZ_O.SYS 6A2A692F6A987D8C3BF758CA5A225BD1

C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF

C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8

C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5

C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB

C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993

C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE

C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888

C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC

C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED

C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D

C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780

C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6

C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73

C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835

C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA

C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4

C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B

C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4

C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8

C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF

C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780

C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1

C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA

C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4

C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A

C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B

C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5

C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4

C:\WINDOWS\System32\drivers\VClone.sys 84BB306B7863883018D7F3EB0C453BD5

C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6

C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5

C:\WINDOWS\System32\drivers\vhdmp.sys EA64495B9FAF0052113890184DA57573

C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E

C:\WINDOWS\System32\drivers\vmbus.sys 164E6B2919FF12911F63C7EC526ED669

C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9

C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163

C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749

C:\WINDOWS\System32\drivers\volmgr.sys DCE032DE20AB85CFA92141F419CFE68E

C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC

C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F

C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA

C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C

C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9

C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89

C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86

C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC

C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03

C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E

C:\WINDOWS\System32\DRIVERS\wanarp.sys 478193CE0AAD5C8515568592F1F640D1

C:\WINDOWS\system32\drivers\wcifs.sys A8DFD1465C05D9EFBDFD5C3A25B7F496

C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355

C:\WINDOWS\system32\drivers\wd\WdBoot.sys 71E8950CF0DEC853EF72EB6A67AD67ED

C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD

C:\WINDOWS\system32\drivers\wd\WdFilter.sys F8BB41D6A300A6D7DE64678BAD3D7D6F

C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A

C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys BDD91FCE8883C0E2110FE34E8D22711A

C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC

C:\WINDOWS\System32\drivers\wfplwfs.sys 4EAE206AF1D880C9C06FB4ACD17F0506

C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D

C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D

C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732

C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56

C:\WINDOWS\System32\drivers\winnat.sys 3E27B5B573DCC8DE15A93F61C01713B6

C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6

C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4

C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754

C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2

C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935

C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567

C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D

C:\WINDOWS\System32\drivers\WudfRd.sys A86A249314FD0A780214028B0C31A386

C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386

C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6

C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-25 19:21 - 2018-03-25 19:21 - 000001334 _____ C:\Users\zC\Desktop\eset scan 032518.txt

2018-03-25 14:32 - 2018-03-25 14:32 - 000000000 ____D C:\Users\zC\AppData\LocalLow\uTorrent

2018-03-25 11:19 - 2018-03-25 11:20 - 000001134 _____ C:\Users\zC\Desktop\SALog.txt

2018-03-25 10:27 - 2018-03-25 10:27 - 000142160 ____N C:\WINDOWS\system32\Drivers\upkimpsv.sys

2018-03-25 10:21 - 2018-03-25 10:21 - 000899584 _____ C:\Users\zC\Desktop\RGSA.exe

2018-03-25 10:12 - 2018-03-25 20:47 - 000000000 ____D C:\FRST

2018-03-25 09:30 - 2018-03-25 09:30 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC

2018-03-13 07:59 - 2018-03-13 07:59 - 007629824 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2018-03-05 09:40 - 2018-03-25 20:11 - 000003000 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (zC)

2018-03-02 10:07 - 2018-03-02 10:07 - 000002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2018-03-02 10:07 - 2018-03-02 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2018-03-02 10:06 - 2018-03-16 10:04 - 000000000 ____D C:\ProgramData\McAfee Security Scan

2018-02-27 09:10 - 2018-02-27 09:10 - 000137104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys

2018-02-27 09:10 - 2018-02-27 09:10 - 000129032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\tbaseregistry64.dll

2018-02-27 09:10 - 2018-02-27 09:10 - 000108552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\tbaseregistry32.dll

2018-02-27 09:10 - 2018-02-27 09:10 - 000026120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll

2018-02-27 09:10 - 2018-02-27 09:10 - 000022024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll

2018-02-27 09:08 - 2018-02-27 09:08 - 000000000 ____D C:\ProgramData\Audyssey Labs

2018-02-27 09:06 - 2018-02-27 09:06 - 013831786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2018-02-27 09:06 - 2018-02-27 09:06 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2018-02-27 09:06 - 2018-02-27 09:06 - 003561920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll

2018-02-27 09:06 - 2018-02-27 09:06 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2018-02-27 09:06 - 2018-02-27 09:06 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll

2018-02-27 09:06 - 2018-02-27 09:06 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.

Zyrus Campbell

#2 Android 8888

SWI Malware Tracker

Trusted Advisor*
1,120 posts

Posted 26 March 2018 - 04:38 AM

Hello Zyrus Campbell.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

Some set of instructions may be long or you can stay without Internet connection for a while so I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Your computer is infected with a variant of a SmartService Rootkit. A rootkit is one of the most difficult types of malware to find and remove. You may want to read more about this type of infection here.

Please read the instructions carefully and follow the directions in the order listed. We will have to deal with this infection step by step.

For now, in Normal mode do this please:

Right click on the FRST64.exe icon and select Run as administrator to start the tool;
Highlight and copy the following text and paste it inside the 'Search' box area of FRST;

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

Once done, click on the Fix button. A file called Fixlog.txt should appear on the same location as FRST64.exe;

Please copy and paste its content in your next reply and wait for further instructions.

Thank you.

Android 8888

Android 8888

Website: http://android8888.comlu.com

Tavira - Here's where I live!

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Zyrus Campbell

Member

Full Member
35 posts

Posted 28 March 2018 - 12:38 PM

Thank you for helping me out with this. I really appreciate it. Wow, a rootkit? I'm gonna have to be more careful from now on.

Ok, I followed your instructions. Below are the results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018

Ran by zC (28-03-2018 14:32:46) Run:1

Running from C:\Users\zC\Desktop\Antivirus

Loaded Profiles: zC (Available Profiles: zC)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes

CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 14:32:50 ====

Thanks again!

Zyrus Campbell

#4 Android 8888

SWI Malware Tracker

Trusted Advisor*
1,120 posts

Posted 29 March 2018 - 09:38 AM

Thank you for the log.

Now please read carefully the following instructions and if you don't understand something, please STOP and ask before proceed.

You will have to run a scan with FRST from the Windows Recovery Environment (RE).

But first you will need to have access to a uninfected computer and a USB Flash Drive.

Please note: The USB Flash Drive can only be inserted in the infected computer if it is either shutdown, or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB.

Preparing the USB Flash Drive (on a clean computer)

Plug-in the USB Flash Drive on a clean computer and format it before using it ('Quick Format' is enough).
Access the Internet and download FRST64.exe from a clean computer (Don't use the FRST64.exe file stored in the infected computer):
- FRST 64-bit
Move the executable (FRST64.exe) to the USB Flash Drive.

Boot in the Recovery Environment (RE) (on the infected computer)

To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
- Restart the computer
- Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
- Use the arrow keys to select Repair your computer, and press on Enter
- Select your keyboard layout (US, French, etc.) and click on Next
- Click on Command Prompt to open the command prompt
  Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Note: Once in the Windows RE, plug the USB Flash Drive in the computer.

Once in the Command Prompt

In the command prompt, type notepad and press on Enter;
Notepad will open. Click on the File menu and select Open;
Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter;
Note: Replace the letter e with the drive letter of your USB Flash Drive;
FRST will open;
Click on Yes to accept the disclaimer;
Click on the Scan button and wait for the scan to complete;
A log called FRST.txt will be saved on your USB Flash Drive;
Please post the entire content of that log in your next reply.

Let me see the FRST.txt log and wait for further instructions.

#5 Zyrus Campbell

Member

Full Member
35 posts

Posted 09 June 2018 - 11:27 AM

I apologize for dropping the ball with this. Life caught up with me and I hadn't touched the laptop in over a month. By the time I got back around to turning it back on, the loading screen was offering the option to Reset Windows so I used it. At least I'm able to use the laptop again. The performance had degraded to the point that it was simply unusable; wouldn't load or anything. So, I apologize for the long delay. Resetting removed a lot of the software that I used but that's fine, I can always reinstall. I used the Reset option to keep my files and it seems to have.

At any rate, I followed your instructions above and here's the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by zC (administrator) on ZC (09-06-2018 12:19:34)

Running from E:\

Loaded Profiles: zC (Available Profiles: zC)

Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(McAfee, LLC) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe

(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(TOSHIBA America Information Systems.) C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\SrTasks.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)

HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-03] (AVAST Software)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]

ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]

ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{4c218fd7-ed11-40a1-8d67-cb9906afe954}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE

HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2

BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)

BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-04-11] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-04-11] (McAfee, Inc.)

FireFox:

========

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi

FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-09] [Legacy] [not signed]

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()

Chrome:

=======

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]

CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-03]

CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2018-06-09]

CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-06-09]

CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2018-06-09]

CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-03]

CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-03]

CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-03]

CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2018-06-09]

CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2018-06-09]

CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2018-06-09]

CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2018-06-09]

CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-09]

CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-03]

CHR Extension: (McAfee® WebAdvisor) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-06-09]

CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2018-06-09]

CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]

CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-06-09]

CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-06-09]

CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2018-06-09]

CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-06-09]

CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2018-06-09]

CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-06-09]

CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2018-06-09]

CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2018-06-09]

CHR Extension: (Cisco WebEx Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-06-09]

CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2018-06-09]

CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-06-09]

CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2018-06-09]

CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-06-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-03]

CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-03]

CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-03]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-03] (AVAST Software)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-03] (AVAST Software)

S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-04-09] (McAfee, Inc.)

S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)

S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)

R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-04-02] (McAfee, Inc.)

R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated)

R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2202680 2015-05-28] (TOSHIBA America Information Systems.)

R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)

R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)

S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)

R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )

S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-06-03] (AVAST Software)

S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-06-03] (AVAST Software)

S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-06-03] (AVAST Software)

S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-06-03] (AVAST Software)

S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-06-03] (AVAST Software)

R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-06-03] (AVAST Software)

S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-06-03] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-06-03] (AVAST Software)

S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-06-03] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-03] (AVAST Software)

S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-06-03] (AVAST Software)

R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-06-03] (AVAST Software)

S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-06-03] (AVAST Software)

S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-06-03] (AVAST Software)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)

S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-09] (Malwarebytes)

R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)

R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)

U3 mfeavfk02; no ImagePath

S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)

R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)

R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)

R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)

S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)

R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)

R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )

R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-29] (Synaptics Incorporated)

S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42600 2018-02-27] (Synaptics Incorporated)

R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-09 12:08 - 2018-06-09 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2018-06-09 12:05 - 2018-06-09 12:05 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2018-06-09 10:41 - 2018-06-09 10:41 - 000000000 ____D C:\Users\zC\AppData\Roaming\Google

2018-06-09 10:38 - 2018-06-09 10:38 - 000001381 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk

2018-06-09 10:28 - 2018-06-09 10:28 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)

2018-06-09 10:28 - 2018-06-09 10:28 - 000003344 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3369261439-609741471-2718208431-1001

2018-06-03 23:32 - 2018-06-03 23:32 - 000000000 ____D C:\ProgramData\AMD

2018-06-03 20:37 - 2018-06-09 12:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee

2018-06-03 20:37 - 2018-06-09 10:49 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon

2018-06-03 20:23 - 2018-06-09 10:28 - 000000000 ____D C:\Program Files\Common Files\AV

2018-06-03 18:03 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180603-180309.backup

2018-06-03 16:48 - 2018-06-03 17:30 - 000000000 ____D C:\WINDOWS\system32\MRT

2018-06-03 16:48 - 2018-06-03 16:48 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2018-06-03 16:47 - 2018-06-03 16:47 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2018-06-03 15:40 - 2018-06-03 15:40 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-06-03 15:40 - 2018-06-03 15:40 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2018-06-03 15:38 - 2018-06-09 10:40 - 000000000 ____D C:\Users\zC\AppData\Local\Google

2018-06-03 15:38 - 2018-06-03 16:10 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2018-06-03 15:38 - 2018-06-03 16:10 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2018-06-03 15:38 - 2018-06-03 15:40 - 000000000 ____D C:\Program Files (x86)\Google

2018-06-03 15:34 - 2018-06-03 15:34 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk

2018-06-03 15:34 - 2018-06-03 15:34 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Roaming\AVAST Software

2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Local\CEF

2018-06-03 15:29 - 2018-06-09 12:11 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update

2018-06-03 15:28 - 2018-06-03 15:26 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2018-06-03 15:28 - 2018-06-03 15:26 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2018-06-03 15:28 - 2018-06-03 15:24 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2018-06-03 15:28 - 2018-06-03 15:23 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys

2018-06-03 15:28 - 2018-06-03 15:23 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys

2018-06-03 15:28 - 2018-06-03 15:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys

2018-06-03 15:28 - 2018-06-03 15:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys

2018-06-03 15:28 - 2018-06-03 15:23 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys

2018-06-03 15:26 - 2018-06-03 15:26 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2018-06-03 15:26 - 2018-06-03 15:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software

2018-06-03 15:20 - 2018-06-03 15:20 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys

2018-06-03 15:19 - 2018-06-03 15:19 - 000000000 ____D C:\Program Files\AVAST Software

2018-06-03 15:18 - 2018-06-03 17:56 - 000000000 ____D C:\ProgramData\AVAST Software

2018-06-03 14:52 - 2018-06-09 12:04 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys

2018-06-03 14:52 - 2018-06-03 14:52 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-06-03 14:52 - 2018-06-03 14:52 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2018-06-03 14:52 - 2018-06-03 14:52 - 000001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking

2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes

2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\Program Files\Malwarebytes

2018-06-03 14:52 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

2018-06-03 14:52 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe

2018-06-03 14:51 - 2018-06-09 10:18 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2018-06-03 14:51 - 2018-06-03 18:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy

2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\DBG

2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\Comms

2018-06-03 14:33 - 2018-06-03 14:35 - 000000000 ____D C:\Users\zC\AppData\Local\MicrosoftEdge

2018-06-03 14:17 - 2018-06-03 14:17 - 000000000 ____D C:\Users\zC\AppData\Roaming\Macromedia

2018-06-03 01:04 - 2018-06-09 10:28 - 000002365 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2018-06-03 00:59 - 2018-06-03 01:02 - 000000000 ____D C:\Users\zC\AppData\Roaming\DropboxOEM

2018-06-03 00:59 - 2018-06-03 00:59 - 000000000 ____D C:\Users\zC\AppData\Local\DropboxOEM

2018-06-03 00:57 - 2018-06-03 00:57 - 000000000 ____D C:\Users\zC\AppData\Local\Publishers

2018-06-03 00:56 - 2018-06-03 17:43 - 000000000 ____D C:\Users\zC\AppData\Local\Packages

2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Roaming\Adobe

2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Local\VirtualStore

2018-06-03 00:55 - 2018-06-03 00:55 - 000000020 ___SH C:\Users\zC\ntuser.ini

2018-06-03 00:55 - 2018-06-03 00:55 - 000000000 ____D C:\Users\zC\AppData\Local\ConnectedDevicesPlatform

2018-06-02 18:44 - 2018-06-03 01:04 - 000000000 ____D C:\ProgramData\TOSHIBA

2018-06-02 18:42 - 2018-06-09 11:01 - 000000000 ____D C:\Windows.old

2018-06-02 18:42 - 2018-06-02 18:43 - 000000000 ____D C:\WINDOWS\InfusedApps

2018-06-02 18:42 - 2018-06-02 15:40 - 000000000 ____D C:\WINDOWS\Panther

2018-06-02 18:39 - 2018-06-02 18:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles

2018-06-02 18:37 - 2018-06-02 18:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

2018-06-02 18:34 - 2018-06-02 18:35 - 000000000 ____D C:\WINDOWS\AMDTAs

2018-06-02 18:33 - 2018-06-02 18:33 - 000000000 ____D C:\Program Files\Synaptics

2018-06-02 18:32 - 2018-06-02 18:32 - 000000000 ____D C:\WINDOWS\Setup

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\zu-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\yo-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\xh-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\wo-SN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\vi-VN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ur-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ug-CN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tt-RU

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tn-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tk-TM

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ti-ET

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\te-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ta-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sw-KE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sq-AL

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\si-LK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\rw-RW

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\quz-PE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\prs-AF

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\pa-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\or-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\nso-ZA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\nn-NO

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ne-NP

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mt-MT

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mr-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mn-MN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ml-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mk-MK

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mi-NZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\lo-LA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\lb-LU

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ky-KG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kok-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kn-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\km-KH

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kk-KZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ka-GE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\is-IS

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ig-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\id-ID

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\hy-AM

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\gu-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\gd-GB

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ga-IE

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\fil-PH

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\fa-IR

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\cy-GB

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bn-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bn-BD

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\be-BY

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\as-IN

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\am-ET

2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\af-ZA

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\hi-IN

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\gl-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\eu-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\ca-ES

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files\Reference Assemblies

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files\MSBuild

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies

2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files (x86)\MSBuild

2018-06-02 18:27 - 2018-06-02 15:19 - 000000000 ____D C:\WINDOWS\OCR

2018-06-02 18:24 - 2018-06-03 00:56 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\0409

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\winrm

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\WCN

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\slmgr

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\0409

2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\DigitalLocker

2018-06-02 18:20 - 2018-06-05 19:24 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2018-06-02 18:20 - 2018-06-05 19:24 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2018-06-02 18:16 - 2018-06-02 18:42 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template

2018-06-02 18:16 - 2018-06-02 18:10 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2018-06-02 18:16 - 2018-06-02 18:10 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat

2018-06-02 18:16 - 2018-06-02 18:10 - 000215943 _____ C:\WINDOWS\system32\dssec.dat

2018-06-02 18:16 - 2018-06-02 18:10 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2018-06-02 18:16 - 2018-06-02 18:10 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

2018-06-02 18:16 - 2018-06-02 18:10 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK

2018-06-02 18:16 - 2018-06-02 18:10 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam

2018-06-02 18:16 - 2018-06-02 18:10 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json

2018-06-02 18:16 - 2018-06-02 18:10 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT

2018-06-02 18:16 - 2018-06-02 18:10 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT

2018-06-02 18:15 - 2018-06-09 12:16 - 000000000 ___HD C:\Program Files\WindowsApps

2018-06-02 18:15 - 2018-06-09 12:15 - 000000000 ____D C:\WINDOWS\DeliveryOptimization

2018-06-02 18:15 - 2018-06-09 12:15 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-06-02 18:15 - 2018-06-09 10:40 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2018-06-02 18:15 - 2018-06-03 16:29 - 000000000 ___RD C:\Program Files (x86)

2018-06-02 18:15 - 2018-06-03 00:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2018-06-02 18:15 - 2018-06-02 18:44 - 000000000 ____D C:\WINDOWS\system32\oobe

2018-06-02 18:15 - 2018-06-02 18:42 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ___SD C:\WINDOWS\system32\F12

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\TextInput

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\Dism

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\appraiser

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\ShellExperiences

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\Provisioning

2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\Program Files\Windows Defender

2018-06-02 18:15 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\system32\dsc

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\com

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\setup

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\MUI

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\migwiz

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\com

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\IME

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\Help

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files\Common Files\system

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 __RSD C:\WINDOWS\media

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\system32\UNP

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\system32\Nui

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___RD C:\WINDOWS\Offline Web Pages

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\MsDtc

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\icsxml

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\ias

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\downlevel

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\DDFs

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\Bthprops

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\L2Schemas

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\Cursors

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\bcastdvr

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\addins

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files\Windows Portable Devices

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files\Windows Multimedia Platform

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices

2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 __SHD C:\Program Files\Windows Sidebar

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ___SD C:\WINDOWS\system32\Configuration

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Web

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Vss

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\tracing

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\TAPI

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ras

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\IME

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SystemResources

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SystemApps

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\winevt

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\ras

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\ProximityToast

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\PointOfService

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\NDF

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\Macromed

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\Ipmi

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\InputMethod

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\inetsrv

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\IME

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\hydrogen

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\TxR

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\Journal

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\AppLocker

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\System

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SKB

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\security

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\schemas

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SchCache

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Resources

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\rescache

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\PLA

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Performance

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\ModemLogs

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\InputMethod

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Globalization

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Branding

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\Windows Security

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\windows nt

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\Common Files\Services

2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files (x86)\windows nt

2018-06-02 18:15 - 2018-06-02 15:32 - 000000000 ____D C:\WINDOWS\Registration

2018-06-02 18:15 - 2018-06-02 15:31 - 000000000 __RHD C:\Users\Public\Libraries

2018-06-02 18:15 - 2018-06-02 15:30 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2018-06-02 18:15 - 2018-06-02 15:19 - 000000000 ____D C:\WINDOWS\system32\spool

2018-06-02 18:15 - 2018-06-02 15:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2018-06-02 18:15 - 2018-06-02 15:09 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2018-06-02 18:15 - 2018-06-02 15:08 - 000000000 ____D C:\WINDOWS\appcompat

2018-06-02 18:15 - 2018-06-02 15:02 - 000000000 ____D C:\WINDOWS\system32\Sysprep

2018-06-02 18:15 - 2018-06-02 14:58 - 000000000 ____D C:\ProgramData\USOPrivate

2018-06-02 18:15 - 2018-06-02 14:55 - 000000000 ___RD C:\WINDOWS\PrintDialog

2018-06-02 18:15 - 2018-06-02 14:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2018-06-02 18:15 - 2018-06-02 14:46 - 000000000 ____D C:\WINDOWS\system32\config\RegBack

2018-06-02 18:12 - 2018-06-09 12:04 - 000000000 ____D C:\WINDOWS\INF

2018-06-02 18:01 - 2018-06-09 12:18 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-06-02 17:49 - 2018-06-09 15:26 - 087818240 _____ C:\WINDOWS\system32\config\SOFTWARE

2018-06-02 17:49 - 2018-06-09 15:26 - 000028672 _____ C:\WINDOWS\system32\config\SAM

2018-06-02 17:49 - 2018-06-09 15:25 - 043515904 _____ C:\WINDOWS\system32\config\SYSTEM

2018-06-02 17:49 - 2018-06-09 15:25 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY

2018-

Zyrus Campbell

#6 Android 8888

SWI Malware Tracker

Trusted Advisor*
1,120 posts

Posted 10 June 2018 - 06:52 AM

Hello Zyrus Campbell and welcome back!

I apologize for dropping the ball with this. Life caught up with me and I hadn't touched the laptop in over a month.

There is no problem at all. Okay, let's continue.

I see you ran FRST from E:\

Also, the FRST.txt log that you post is not complete and you did not post the content of the Addition.txt log as well.

Please move the executable FRST file to your computer Desktop and run a new scan. Then copy and paste the entire content of the two logs (FRST.txt and Addition.txt) for my review.

Thank you.

Android 8888

#7 Zyrus Campbell

Member

Full Member
35 posts

Posted 10 June 2018 - 11:56 AM

Ok, I misunderstood. Here are the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01

Ran by zC (administrator) on ZC (10-06-2018 13:40:43)

Running from C:\Users\zC\Desktop