10 replies to this topic

[NextStep]

Brand new laptop, so naffed off!      Acer Aspire 3  -  Windows 10

 

Memory is not great but....

 

Whilst using the laptop about two weeks ago it suddenly turned itself off. I tried powering it back on and just got a black screen. After turning it off and on several times it started up properly (or so I thought)

First thing I noticed was the first screen that comes up (screen saver? wallpaper?) had gone back to the default one. Next was, some of the desktop icons wouldn't work - Power off/sleep, settings, search, task view, clock/date etc. Only ones that worked were Firefox, file explorer. Also when I click on my mail icon I get an error message - explorer.exe - "class not registered"

 

I downloaded and ran Adwcleaner as I have found it to be thorough. It found 18 but only fixed 17. So I will start with that log file and then copy/paste others if thats ok?.

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-02.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-03-2018
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  17
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\SthCo\AppData\Local\Host App Service
Deleted       C:\Users\Public\Desktop\..\App Explorer

***** [ Files ] *****

Deleted       C:\Users\Public\Desktop\eBay.lnk
Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor
Deleted       C:\Windows\System32\Tasks\App Explorer

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKCU\Software\Host App Service
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeDownloadManagerNetworkMonitor
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted       HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted       HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E137F9A8-F159-4AD4-879F-4F1B174A9BB0}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Not Deleted   __MSG_appName__

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 03rd May, 2018
Running from:C:\Users\SthCo\OneDrive\Desktop (16:45:45 - 05/05/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Norton Security (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Norton Security (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Norton Security Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Malwarebytes (3.4.5.2467)
Mozilla Firefox (59.0.3)

***----------------Analysis Complete-------------------------***

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by SthCo (administrator) on LAPTOP-KBGPHM51 (05-05-2018 16:41:25)
Running from C:\Users\SthCo\OneDrive\Desktop
Loaded Profiles: SthCo (Available Profiles: SthCo)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files\WindowsApps\AcerIncorporated.AcerPortal_1.1.9.0_x86__48frkmn4z8aw4\Acer Portal\acer\ccd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Users\SthCo\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\FileCoAuth.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\SthCo\OneDrive\Desktop\FRST.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\Run: [RemoteFilesTrayIcon] => C:\ProgramData\acer\abFiles\launchFiles.exe [27352 2017-05-17] ()
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\Run: [AcerPortal] => C:\ProgramData\acer\Acer Portal\launchPortal.exe [25816 2017-06-07] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{3a5201de-de6f-496a-bf4a-df967eed7671}: [DhcpNameServer] 40.33.1.55
Tcpip\..\Interfaces\{ece7c19d-309a-4992-ad4c-23e2b051e1d2}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-05] (Microsoft Corporation)

Edge:
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2017-09-29]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-04-11]

FireFox:
========
FF DefaultProfile: hdl1r5g9.default-1523386581439
FF ProfilePath: C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439 [2018-05-05]
FF Homepage: Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439 -> hxxps://www.google.co.uk/
FF Extension: (Grammarly for Firefox) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-04-21]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\abb-acer@amazon.com.xpi [2018-04-13]
FF Extension: (iCloud Bookmarks) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\firefoxdav@icloud.com.xpi [2018-04-11]
FF Extension: (To Google Translate) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2018-04-11]
FF Extension: (AdBlock) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-04-28]
FF Extension: (English (US) Language Pack) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2018-04-11]
FF Extension: (Mozilla Partner Defaults) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\partnerdefaults@mozilla.com [2018-04-11] [Legacy]
FF Extension: (S3.Translator) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\s3google@translator.xpi [2018-04-10]
FF Extension: (Popup-Blocker) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-04-11]
FF Extension: (Reverse image search using various search engines, such as Google, Bing, Yandex, Baidu and TinEye.) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}.xpi [2018-05-02]
FF Extension: (Adblock Plus) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-25]
FF Extension: (Acer Locale Fix) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\features\{d73de8e6-7637-4835-b3e5-511b5a475b93}\acer-locale-fix@mozilla.org.xpi [2018-05-02] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-12-20] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-12-20] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-12-20] [Legacy]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-09] (Google Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows ® Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2272472 2017-06-07] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566440 2018-04-23] (Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe [328712 2018-04-04] (Symantec Corporation)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [461616 2017-06-06] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [506672 2017-06-06] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-05-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34672 2017-05-12] (Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54128 2017-05-12] (Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmdag.sys [36557720 2017-07-14] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmpag.sys [528792 2017-07-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91640 2017-05-12] (Advanced Micro Devices, Inc)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20180425.001\BHDrvx64.sys [1879632 2018-04-04] (Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\ccSetx64.sys [187544 2018-04-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-09] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20180504.061\IDSvia64.sys [1299024 2018-04-09] (Symantec Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [22320 2017-06-06] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-05] (Malwarebytes)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15664 2017-06-06] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [1849752 2017-09-29] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-18] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-06-29] (Realsil Semiconductor Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SRTSP64.SYS [835664 2018-04-04] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS [49232 2018-04-04] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS [1942096 2018-04-04] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SymELAM.sys [24608 2018-04-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-04-30] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\Ironx64.SYS [307792 2018-04-04] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SYMNETS.SYS [566936 2018-04-04] (Symantec Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys [1007592 2018-04-04] (Symantec Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 08312DEEF0D3F8647AA53AD90A69094E
C:\WINDOWS\System32\drivers\3ware.sys 645009E711BBF117CCEE917A03FB0CDD
C:\WINDOWS\System32\drivers\ACPI.sys 334BAC25FE297342B119730E699B826C
C:\WINDOWS\System32\drivers\AcpiDev.sys 44EA35A4B397898A83BF1B9B4B8DAE35
C:\WINDOWS\System32\Drivers\acpiex.sys 91D113A1532B8AB1E25B7DE5AB3C2F83
C:\WINDOWS\System32\drivers\acpipagr.sys 620BB2682BA625DF037072D89F44F6EE
C:\WINDOWS\System32\drivers\acpipmi.sys B9805A3C479390CEAEA5AEF5E4A90A2E
C:\WINDOWS\System32\drivers\acpitime.sys ABD4EB55C661143B015BD0B9B47B235C
C:\WINDOWS\System32\drivers\ADP80XX.SYS 8C58BD711FAD5F11E8CFDBC5CED973A5
C:\WINDOWS\system32\drivers\afd.sys 9619C0D7DB55CC3A636A24A7D82B0C8E
C:\WINDOWS\System32\DRIVERS\ahcache.sys DCE606F0E15E0FB75ECC02EBB3DEFA9C
C:\WINDOWS\System32\drivers\amdgpio2.sys 80110D23E6581A7CFFEAC4F5D3C319A5
C:\WINDOWS\System32\drivers\amdi2c.sys AE2A5372495129DA6A561CC3E8E5F6AC
C:\WINDOWS\System32\drivers\amdk8.sys 654824DF0CE32C9D274C1943DEB19AEA
C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys 534D8A02188C2F78C90E6E79B1159259
C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmdag.sys 3BEB33976C3AE80C3E8DF1EE2EB94120
C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmpag.sys 9CD4C9F50FE9E929B230936C289EEFA5
C:\WINDOWS\System32\drivers\amdppm.sys 12C4246CE1B769B720BE0848F75AB4C1
C:\WINDOWS\System32\DRIVERS\amdpsp.sys 9161CACD4C916953AE94943907D2EC81
C:\WINDOWS\System32\drivers\amdsata.sys F1C16AABA27E9E153AEC7BD2AB853F30
C:\WINDOWS\System32\drivers\amdsbs.sys C834D0F1ECB8473E9E6D18EE1BCEECB2
C:\WINDOWS\System32\drivers\amduart.sys 76819FA364A1DCE690F460A27BEBB380
C:\WINDOWS\System32\drivers\amdxata.sys 49203D2FFE30CBB36BE66A0E70F3D954
C:\WINDOWS\System32\drivers\appid.sys 38DC4D8B1BD5DA43179EEA726BD05249
C:\WINDOWS\System32\drivers\applockerfltr.sys 1E085E2302D568F0CE041732B3E887B0
C:\WINDOWS\System32\drivers\arcsas.sys B42C83DE28776B80DBA1310C56DD4F74
C:\WINDOWS\System32\drivers\asyncmac.sys C2151380227CD1F7DDA2401C1F151367
C:\WINDOWS\System32\drivers\atapi.sys 6191B9B2EE0E8CB957C683B9B341CC86
C:\WINDOWS\system32\drivers\AtihdWT6.sys B10B0DAB003CDB363003CDB6CB2DD52D
C:\WINDOWS\System32\drivers\bxvbda.sys A921805C1ED3253DF48FCA4D724173EB
C:\WINDOWS\System32\drivers\bam.sys 3CC12A09AE7293F4CD1688117B46B9BB
C:\WINDOWS\System32\drivers\BasicDisplay.sys 2A7267AA15E508F6D05A5B562F1FD1CE
C:\WINDOWS\System32\drivers\BasicRender.sys FAFAEDFC7CAFD8B8FADA6A81BAF92E3A
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\Windows\System32\Drivers\Beep.sys 355D162E52819C19396FB01A8E005A1F
C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20180425.001\BHDrvx64.sys D835A5104CAB33407EDE2CA5325C26A6
C:\WINDOWS\System32\DRIVERS\bowser.sys 8843185CC8F60801C06812799584F6EB
C:\WINDOWS\system32\DRIVERS\btfilter.sys 142C50117583F904B742130905465452
C:\WINDOWS\System32\drivers\BthAvrcpTg.sys A4863B7B1F0DB513D6E34547BACC211A
C:\WINDOWS\System32\drivers\BthEnum.sys 82BD96D56574231AD0E9BBF293EA2E7F
C:\WINDOWS\System32\drivers\bthhfenum.sys 9C9EE272C11252C651C5DE6A1AC1EDAA
C:\WINDOWS\System32\drivers\BthHFHid.sys 69734E386826ED857C889330F35B4D9C
C:\WINDOWS\system32\DRIVERS\bthl2cap.sys 338B8D45C7DFB03DB7957188E16C9661
C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 47BF82E2A6D11279C8501E08518AB835
C:\WINDOWS\System32\drivers\bthmodem.sys A94AFAEA86F5F792BB4ECA095B231464
C:\WINDOWS\System32\drivers\bthpan.sys 4F58D8C265FFA943878CF7F922432847
C:\WINDOWS\System32\drivers\BTHport.sys CC98DC94BB904EEADD22242535DF83DB
C:\WINDOWS\System32\drivers\BTHUSB.sys 55C836530A9602255BFB4F5D9DA2B737
C:\WINDOWS\System32\drivers\bttflt.sys 39E7437FC59CDD7A303ABD514E462E8B
C:\WINDOWS\System32\drivers\buttonconverter.sys 522888590B0C19BC8128119060AE7901
C:\WINDOWS\System32\drivers\CAD.sys 2AB01CE5E233A6FBA3E91BD57772AA4B
C:\WINDOWS\System32\drivers\capimg.sys F6F97879F53AD57194C6BC8272FD73EA
C:\WINDOWS\system32\drivers\NGCx64\160E000.036\ccSetx64.sys 64AA35CA5D1C56853D00AE64352548CB
C:\WINDOWS\System32\DRIVERS\cdfs.sys 9E82A95D77AC78C84BA75FF896B060BF
C:\WINDOWS\System32\drivers\cdrom.sys 6D83565C1652E80447EDEA6947FA89D7
C:\WINDOWS\System32\drivers\cht4sx64.sys D81954CE5E016FD716EDDB2B2FD9BA58
C:\WINDOWS\System32\drivers\cht4vx64.sys F9A8570805807FFD66488F0A858E1308
C:\WINDOWS\System32\drivers\circlass.sys 9798D58461706930190F1F2F6BF21D80
C:\WINDOWS\System32\drivers\cldflt.sys 6AF3865AEF65623814209794409AA15F
C:\WINDOWS\System32\drivers\CLFS.sys 33609EDF8062E8FE79DD5F9079E4D3CE
C:\WINDOWS\System32\drivers\CmBatt.sys 2BA3BA38B5A6A667B0EAEC477276707B
C:\WINDOWS\System32\Drivers\cng.sys 5FD7E04967054728203265A310ED8D4A
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys C65AF00EF12A1755E7CA370B0C71935D
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys A50300498D56B2448F3593D25478D508
C:\WINDOWS\System32\drivers\condrv.sys 65602B0DB49199647FECB2D1212147BE
C:\WINDOWS\System32\drivers\dam.sys 72BE43ABD786E86AAE7EA2193201E100
C:\WINDOWS\System32\Drivers\dfsc.sys FAEC08F583CAD06D4F057DBB733A03A1
C:\WINDOWS\System32\drivers\disk.sys 8C7FF86607E367E6319F7F637115D665
C:\WINDOWS\System32\drivers\dmvsc.sys 64009621AAF4BC6626BC1A623A26FAD1
C:\WINDOWS\System32\drivers\drmkaud.sys F4800922F4ABA619585CE320A72E6389
C:\WINDOWS\System32\drivers\dxgkrnl.sys EAC1B96AF31F554FC2ED24CEF8AB42D8
C:\WINDOWS\System32\drivers\evbda.sys C99D40C97841E0A7F0F90B8629593A97
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 03D20FD0DE4CA674F5F10FC78AB146C1
C:\WINDOWS\System32\drivers\EhStorClass.sys 260BBD6B1ED06298E509B452354EDB91
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys F3BEBDC1B9DBA32F183079EAE6244837
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys A841E787369DEAABEFBA5C9D6204422C
C:\WINDOWS\System32\drivers\errdev.sys 1B63CA857FD03FD0A5A1379F2996784F
C:\WINDOWS\system32\drivers\mbae64.sys 0AE7DAAA8524C8D1A4C2414296EF329E
C:\Windows\System32\Drivers\exfat.sys F1ACA42D448E3986565EA54275EEEA65
C:\Windows\System32\Drivers\fastfat.sys 0AF4B36754A6EAE794EE4398E219A9E1
C:\WINDOWS\System32\drivers\fdc.sys 7CD8426A33F06EB72BFEC51F7C264AF8
C:\WINDOWS\System32\drivers\filecrypt.sys DE51BBBCF358188F9736F031546F9908
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys D38A250AE8335BC74808897B3C404F4D
C:\WINDOWS\System32\drivers\FsDepends.sys 0425D9D2A679060CC9755449779FBA54
C:\Windows\System32\Drivers\Fs_Rec.sys B962036CAADC05E466FEB165E0974587
C:\WINDOWS\System32\DRIVERS\fvevol.sys 2C8891C306C8F43A273BDB7C490E1C92
C:\WINDOWS\System32\drivers\vmgencounter.sys DFAB4D8FE39C64EAD3A4DCBA25AAFEE0
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys 582578F031109BE65C15E1D8A45BA547
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys E2F4638649D2157D8A863ADBEF99C2E5
C:\WINDOWS\System32\drivers\hvservice.sys 71E673C20651C2530A359F0D8B3B3E57
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys E3BDE6C567ED5CD7B15B2E522C120D02
C:\WINDOWS\System32\drivers\HyperVideo.sys 1D7BBC4C6F33A4A6189AEA1509615DF9
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20180504.061\IDSvia64.sys D4942452166D39049458995641641BEC
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys E784FC9991028BC13539E172EE3CEF0D
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 7344528DFD4484CF86F36E24E7CB59B1
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys BF933330256DEDAFA939BEBC46D060C7
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys A3B7A93F32E110949CA01DDE7C6B991B
C:\WINDOWS\System32\drivers\msiscsi.sys 68B971E7200EC9013BF90BC72B66110A
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys BE46CEF0F176D215B3FDF1C664B3D6A7
C:\WINDOWS\System32\Drivers\ksecpkg.sys 5F0A90AC0AA8C772B20AD71B87422838
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys 56B6326B15A14043C82ED9EA3B817E2C
C:\WINDOWS\System32\drivers\LMDriver.sys BA35694625114B227BF6F84E8B4F4E63
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\MbamChameleon.sys A276E01963EB0D8685AE56C40FFC0E86
C:\WINDOWS\System32\DRIVERS\farflt.sys 556F12926B94D36821D4ABFC6F02EB1D
C:\WINDOWS\system32\DRIVERS\mbam.sys 84DED95846466C5BB53407288B074F52
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys 351BF8F77B0A15A7B5A2AE098C52A387
C:\WINDOWS\system32\DRIVERS\mwac.sys AAEEB331DDE8596F4522316E4420ACB6
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 8209AC7D3F8AF41E3A14D022CD1F2040
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 71729B1EE949E1B092CB5CB75CC63715
C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys 6537678DEEA2A5B079052D75E21E46DA
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys DC23D3D24C64BF3A314E34887AD86732
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys 021C34C1968B78ACFBF30553EE78A1D3
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 3B6127DB162A2B1B0DA2F35BA77F12F1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DD673D9422457EFCCDEE45C73C0DF241
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys FD916B66910494DFF70C944FC38A2623
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 25D126EFFEC0B117DA4C81F7AE6C99FC
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys E9676E94DEA144259344A15D68785B17
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys 80475A12D4AA90937CE69265BAFA993F
C:\WINDOWS\System32\DRIVERS\netbt.sys E5C5E6ED3949546E2ACA79B6A3817202
C:\WINDOWS\System32\drivers\netvsc.sys 8AED8AF4CBF661E82CF74CBF198B0C56
C:\Windows\System32\Drivers\Npfs.sys EFF488F6DA45224965B30CE1AB464C08
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 201F3764A379001168DFB2B90F7C1E57
C:\Windows\System32\Drivers\NTFS.sys ADF52C1A5831EA1009382B3BE3A204B3
C:\Windows\System32\Drivers\Null.sys 6D8A287B88F76EB47ACC6BF8E318E1FD
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys 681E8A68C13253D23B93953FDE569120
C:\WINDOWS\System32\drivers\pci.sys 38FABAC2072FC9E6459F7B7ECF3F6C47
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys 6F55F5AD830F8EA1D37ED23A0CBD7112
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys 7D9F4EB1450CFB32D708BF943C170475
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys C009BE61D95CAD5F999D0F4785AEFB7B
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys E8A44A8D55FCAFCDB56355B649650DAF
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\drivers\RadioShim.sys 29AA10A60A734CFD91AF0EA18CD022EA
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys BD6EF1748DC3DBACEC97B87B6252AAC7
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys BC808F726164F2EBF18E79B9AC7B70AF
C:\WINDOWS\System32\drivers\rdpbus.sys 9D7E65A15478944836C353B556F9CB87
C:\WINDOWS\System32\drivers\rdpdr.sys 39886C19FB466BBF8AEC31E3E77C034C
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys A4C3DC6530752AF3C78DAAC8B2B23EA7
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\rt640x64.sys 5E912FAEB14D16E345FBAB6B1966409D
C:\WINDOWS\system32\DRIVERS\RtsPer.sys FAEE7E2ABA25F975F2A14551DF385609
C:\WINDOWS\System32\drivers\vms3cap.sys 96C14A080CE15E4D8A9C7AE526F7B804
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 1F58E6D5C1F211DE8BF5131BF12077D1
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys 80E9563F0B75E98482ECB7D5CBA56BBA
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\spaceport.sys DA0AECA8222682F90C325E483E8115D4
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SRTSP64.SYS DACB8F3F3D6D2D5AE87290CD4DB514EB
C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS ADC5796651019FAD495098A1B0E5DF16
C:\WINDOWS\System32\DRIVERS\srv.sys 4AC6919E5BCB24E53A2FB76C0CDBF7FE
C:\WINDOWS\System32\DRIVERS\srv2.sys CD568BE7C01EF3BA7CDA1CF36C37513C
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys D218EA2F4126629BEAC03555216CB506
C:\WINDOWS\System32\drivers\vmstorfl.sys 03B1F66AB47618A6123EB0631B57A31B
C:\WINDOWS\System32\drivers\stornvme.sys 15EA6F1F6BA9A0E2C8D32A6EB77129F8
C:\WINDOWS\System32\drivers\storqosflt.sys 15599E47C28DC511F0CA3B664A257728
C:\WINDOWS\System32\drivers\storufs.sys 4D6FF8DDBF9CC61EC95A4BF4096D52FF
C:\WINDOWS\System32\drivers\storvsc.sys 6FD2D01E4AD9494874A3A8BA74A8FA64
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS 9EC50B85A00D8073E46CFCFCEAA67F6B
C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SymELAM.sys B32953CF423A0CBBF344F57D23BDDDD3
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 9B6F1133F3FC40EFBAC5A6422205187D
C:\WINDOWS\system32\drivers\NGCx64\160E000.036\Ironx64.SYS 37351B0F319625F935A2F9C3AED0A6A9
C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SYMNETS.SYS 0DCEE5862BB0CD22474B921C2BA39AF2
C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys 1A98072E9B008D4FD85AF2B8BE94A2E8
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 3D63A58A9DD3F984A7E3C2F2CB357E06
C:\WINDOWS\System32\drivers\tcpip.sys AE5CA8D3D81DCC76C5FFF1CD60E48606
C:\WINDOWS\System32\drivers\tcpip.sys AE5CA8D3D81DCC76C5FFF1CD60E48606
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 09125A12CAB5F8D5EAE9C83C25792FDD
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys F54728E32D67537C5A13454E23449C7A
C:\WINDOWS\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys F520EF2D24C1B43A2151DCA271865271
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys DAB1695B400DE19A9DEA686022FD1544
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\system32\DRIVERS\usbscan.sys E55C9AF5EE8905879048118824B06816
C:\WINDOWS\System32\drivers\usbser.sys 446F2908C891A583BEA930226E37036E
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS D4AF6826A473562C169B0916BFE3486C
C:\WINDOWS\System32\drivers\vdrvroot.sys BF13071600C1A0B090BEEC159A75B133
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys 274D49BBF0F3C7F193BFC13434F2F08C
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 3093314480D83FB733A6069AB12D3DA1
C:\WINDOWS\System32\drivers\VMBusHID.sys 12723C0F54432B4A98702110B344B030
C:\WINDOWS\System32\drivers\vmgid.sys BCD144BFA4E13E0F74D852ADF283626E
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys 4F91CD6C36DF2FDB91390082A116E602
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 9198C53EE69D942217E2ACC29A01D605
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys E77B19FF6C2FFA5B19CDF62DA4953BC9
C:\WINDOWS\System32\DRIVERS\wanarp.sys E77B19FF6C2FFA5B19CDF62DA4953BC9
C:\WINDOWS\system32\drivers\wcifs.sys 0610F02EC87DBF6BA319CB1D6B8771AE
C:\WINDOWS\system32\drivers\wcnfs.sys 87F462C7D37F380187BE12F079F73216
C:\WINDOWS\system32\drivers\WdBoot.sys 6FD8F1FBED780A7F3DF329C834E52AC5
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\system32\drivers\WdFilter.sys 7D182F0F227FC141C5D2085175BE05F6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 394CCCA2A8C04BA14327636F20AB9DAD
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 0D38C257A7B34A818726BA2F323B196E
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys C82198D3B33854D9578F9B09025E4293
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 4499AB24236526E5CFCE817CD02EC034
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys 90DBE4DB3A8266C6E078EF6682E26B91
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys EF72449BAD39CA0F6634643622DB9075
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-05 16:15 - 2018-05-05 16:15 - 000000017 _____ C:\Users\SthCo\AppData\Local\resmon.resmoncfg
2018-05-05 16:07 - 2018-05-05 16:09 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-05 16:07 - 2018-05-05 16:07 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-05 16:07 - 2018-05-05 16:07 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-05 16:07 - 2018-05-05 16:07 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-05 16:07 - 2018-05-05 16:07 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-05 16:07 - 2018-05-05 16:07 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-05-05 16:07 - 2018-05-05 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-05 16:07 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-05 16:06 - 2018-05-05 16:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-05 16:06 - 2018-05-05 16:06 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-05 14:08 - 2018-05-05 14:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-05-05 14:04 - 2018-05-05 14:04 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-05-05 14:04 - 2018-05-05 14:04 - 000000000 ____D C:\Users\SthCo\AppData\Roaming\Skype
2018-05-05 14:04 - 2018-05-05 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office
2018-05-05 13:48 - 2018-05-05 13:56 - 000001083 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-05-05 13:48 - 2018-05-05 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-05-05 13:48 - 2018-05-05 13:48 - 000000000 ____D C:\Program Files\VS Revo Group
2018-05-05 13:41 - 2018-05-05 14:36 - 000002166 _____ C:\Users\SthCo\Desktop\unhide.txt
2018-05-05 13:40 - 2018-05-05 13:40 - 000432592 _____ (Bleeping Computer, LLC) C:\Users\SthCo\Downloads\unhide.exe
2018-05-05 13:39 - 2018-05-05 13:39 - 007197480 _____ (VS Revo Group ) C:\Users\SthCo\Downloads\revosetup.exe
2018-05-05 13:12 - 2018-05-05 13:12 - 000000000 ____D C:\ProgramData\Emsisoft
2018-05-05 12:40 - 2018-05-05 13:19 - 000000000 ____D C:\EEK
2018-05-05 12:38 - 2018-05-05 12:39 - 330176160 _____ C:\Users\SthCo\Downloads\EmsisoftEmergencyKit.exe
2018-05-03 20:00 - 2018-05-03 20:00 - 000000000 ____D C:\Users\SthCo\AppData\Local\ESET
2018-05-03 19:54 - 2018-05-03 19:54 - 006968952 _____ (ESET spol. s r.o.) C:\Users\SthCo\Downloads\esetonlinescanner_enu.exe
2018-05-03 19:53 - 2018-05-05 16:41 - 000000000 ____D C:\FRST
2018-05-03 19:51 - 2018-05-03 19:51 - 002405376 _____ (Farbar) C:\Users\SthCo\Downloads\FRST64.exe
2018-05-03 19:32 - 2018-05-03 19:36 - 000000000 ____D C:\AdwCleaner
2018-05-03 19:31 - 2018-05-03 19:31 - 007271632 _____ (Malwarebytes) C:\Users\SthCo\Downloads\adwcleaner_7.1.1.exe
2018-05-03 12:31 - 2018-05-03 12:31 - 000000000 ____D C:\Users\SthCo\AppData\Roaming\CareCenter
2018-05-03 12:27 - 2018-05-03 12:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\CareCenter
2018-05-03 10:20 - 2018-05-03 10:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1472495051-1772555074-1016449411-1001
2018-05-03 10:10 - 2018-05-03 10:08 - 001146554 ____T C:\Users\SthCo\OneDrive\Documents\THE POWER OF DIATOMACEOUS EARTH.pdf
2018-05-02 18:21 - 2018-05-02 18:21 - 000114985 _____ C:\Users\SthCo\OneDrive\Documents\Your statement #9 from Leaders Limited for 52 Jervis Road  is attached..eml
2018-04-30 20:30 - 2018-05-05 13:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2018-04-30 20:30 - 2018-04-30 20:30 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-04-30 20:30 - 2018-04-30 20:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-04-29 20:58 - 2018-04-29 20:58 - 000000000 ____D C:\Users\SthCo\AppData\Local\CEF
2018-04-29 20:56 - 2018-04-29 20:56 - 051045224 _____ (FreeDownloadManager.ORG ) C:\Users\SthCo\Downloads\fdm5_x64_setup.exe
2018-04-26 18:49 - 2018-04-30 20:30 - 000099920 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-04-26 09:27 - 2018-04-26 09:27 - 007342872 _____ (Microsoft Corporation) C:\Users\SthCo\Downloads\setuplanguagepack.x64.it-it_.exe
2018-04-26 09:12 - 2018-04-26 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP610 series User Registration
2018-04-26 09:12 - 2018-04-26 09:12 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-04-26 09:10 - 2018-04-26 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
2018-04-26 09:10 - 2018-04-26 09:10 - 000000000 ____D C:\Program Files\Common Files\CANON
2018-04-26 09:10 - 2018-04-26 09:10 - 000000000 ____D C:\Program Files\Canon
2018-04-26 09:09 - 2018-04-26 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-04-26 09:09 - 2018-04-26 09:09 - 000002426 _____ C:\Users\Public\Desktop\MP610 series On-screen Manual.lnk
2018-04-26 09:09 - 2018-04-26 09:09 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-04-26 09:09 - 2018-04-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP610 series Manual
2018-04-26 09:09 - 2018-04-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP610 series
2018-04-26 09:08 - 2018-04-26 09:12 - 000000000 ____D C:\Program Files (x86)\Canon
2018-04-26 09:08 - 2018-04-26 09:08 - 000000000 ____D C:\Program Files\CanonBJ
2018-04-26 09:08 - 2007-04-15 22:00 - 000258560 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM93.DLL
2018-04-26 09:08 - 2007-04-13 07:46 - 000246272 _____ (CANON INC.) C:\WINDOWS\system32\CNC610L.DLL
2018-04-26 09:08 - 2007-03-23 09:33 - 001439744 _____ (CANON INC.) C:\WINDOWS\system32\CNC610C.DLL
2018-04-26 09:08 - 2007-03-23 09:32 - 000092672 _____ (CANON INC.) C:\WINDOWS\system32\CNC610I.DLL
2018-04-26 09:08 - 2007-03-15 07:13 - 000229888 _____ (Canon Inc.) C:\WINDOWS\system32\CNC610O.DLL
2018-04-25 20:13 - 2018-04-25 20:13 - 000000000 ____D C:\ProgramData\CanonBJ
2018-04-25 18:56 - 2018-04-25 18:56 - 000339981 _____ C:\Users\SthCo\OneDrive\Documents\Medical History.pdf
2018-04-25 18:56 - 2018-04-25 18:56 - 000000000 ____D C:\Users\SthCo\AppData\LocalLow\Temp
2018-04-25 18:28 - 2018-04-25 18:28 - 000000000 ____D C:\Users\SthCo\OneDrive\Documents\Custom Office Templates
2018-04-17 17:11 - 2018-04-17 17:11 - 000000000 ____D C:\OneDriveTemp
2018-04-15 15:15 - 2018-04-15 15:15 - 000000000 ____D C:\Users\SthCo\abBox
2018-04-14 21:00 - 2018-05-05 12:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{452E6004-C5E8-4C44-BB93-C1A4A76CD100}
2018-04-14 18:29 - 2018-04-14 18:29 - 000000000 ____D C:\Users\SthCo\AppData\Local\acer
2018-04-14 18:18 - 2018-04-14 18:18 - 000000000 ____D C:\Users\SthCo\MicrosoftEdgeBackups
2018-04-14 18:18 - 2018-04-14 18:18 - 000000000 ____D C:\Users\SthCo\AppData\Local\MicrosoftEdge
2018-04-14 18:16 - 2018-04-14 18:16 - 000000000 ____D C:\Users\SthCo\AppData\Local\DBG
2018-04-12 20:06 - 2018-04-30 20:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-04-12 11:43 - 2018-05-03 18:47 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-11 20:48 - 2018-04-11 20:48 - 000000000 ____D C:\ProgramData\Samsung
2018-04-11 20:46 - 2018-04-11 20:50 - 000000000 ___DL C:\Users\SthCo\OneDrive\Documents\samsung
2018-04-11 20:45 - 2018-04-11 20:46 - 000000000 ____D C:\Users\SthCo\AppData\Roaming\Samsung
2018-04-11 20:45 - 2018-04-11 20:45 - 000002050 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2018-04-11 20:45 - 2018-04-11 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-04-11 20:45 - 2018-04-11 20:45 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-04-11 20:45 - 2014-05-07 17:42 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2018-04-11 20:27 - 2018-04-11 20:42 - 040758048 _____ (Samsung Electronics Co., Ltd.) C:\Users\SthCo\Downloads\Kies3Setup.exe
2018-04-11 13:18 - 2018-04-11 13:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 13:18 - 2018-04-11 13:18 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 13:18 - 2018-04-11 13:18 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-11 13:06 - 2018-04-11 13:06 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-04-11 13:03 - 2018-03-30 07:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-11 13:03 - 2018-03-30 07:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-11 13:03 - 2018-03-30 07:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-11 13:03 - 2018-03-30 07:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-11 13:03 - 2018-03-30 07:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-11 13:03 - 2018-03-30 07:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-11 13:03 - 2018-03-30 07:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-11 13:03 - 2018-03-30 07:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-11 13:03 - 2018-03-30 07:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-11 13:03 - 2018-03-30 06:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-11 13:03 - 2018-03-30 06:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-11 13:03 - 2018-03-30 06:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-11 13:03 - 2018-03-30 06:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-11 13:03 - 2018-03-30 06:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-11 13:03 - 2018-03-30 06:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-11 13:03 - 2018-03-30 06:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-11 13:03 - 2018-03-30 06:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-11 13:03 - 2018-03-30 06:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-11 13:03 - 2018-03-30 06:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-11 13:03 - 2018-03-30 06:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-11 13:03 - 2018-03-30 06:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-11 13:03 - 2018-03-30 06:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-11 13:03 - 2018-03-30 06:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-11 13:03 - 2018-03-30 06:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-11 13:03 - 2018-03-30 05:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-11 13:03 - 2018-03-30 05:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-11 13:03 - 2018-03-30 05:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-11 13:03 - 2018-03-30 05:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-11 13:03 - 2018-03-30 05:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-11 13:03 - 2018-03-30 05:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-11 13:03 - 2018-03-30 05:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-11 13:03 - 2018-03-30 05:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-11 13:03 - 2018-03-30 05:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-11 13:03 - 2018-03-30 05:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-11 13:03 - 2018-03-30 05:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-11 13:03 - 2018-03-30 05:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-11 13:03 - 2018-03-30 05:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-11 13:03 - 2018-03-30 05:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-11 13:03 - 2018-03-30 05:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-11 13:03 - 2018-03-30 05:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-11 13:03 - 2018-03-30 05:36 - 002869760 _

[SWI Support Robot]

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]

[nasdaq]

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Extension: (Popup-Blocker) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-04-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
C:\Users\SthCo\AppData\Local\Temp\oct3C40.tmp.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
==

If the problem persists navigate to this page.
https://windowsrepor...red-windows-10/

Execute the instructions on the page.

Personnaly I would not wait before contacting Dell, it's a new computer and I would do it before the warranty expires.

[NextStep]

Sorry for the delay, we are travelling and have had no wifi.

I now have an added problem. My laptop won't go past the log in page. It did it before, but if I shut it down and started it up several times it would eventually load.Now I just have a black screen.
I can't start the laptop in safe mode unless I'm doing it wrong.

[nasdaq]

Hi,

Contact Dell and explain the problems.

This is not caused by Malware.

It's under warranty and should be replaced.

[NextStep]

Thank you, sorry for my bad manners.

I have some documents I do not want to lose, on the laptop, any chance you can help me through logging on in safe mode, if it's possible to do please? This site has helped me before, always appreciated!

[nasdaq]

Hi,

If the computer did not come with an installation CD try this.

https://www.techwall...-an-acer-aspire

Keep me posted.

[NextStep]

Thanks for link, couldn't get instructions to work. Hours of pressing different keys and turning pc on and off it had a brain storm and came on.

I have saved my documents to email.

I did as you instructed and here is the log - nothings changed.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by SthCo (18-05-2018 19:11:04) Run:1
Running from C:\Users\SthCo\OneDrive\Desktop
Loaded Profiles: SthCo (Available Profiles: SthCo)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Extension: (Popup-Blocker) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-04-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
C:\Users\SthCo\AppData\Local\Temp\oct3C40.tmp.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\hdl1r5g9.default-1523386581439\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => not found
"C:\Users\SthCo\AppData\Local\Temp\oct3C40.tmp.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42918182 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5797494 B
Edge => 14133 B
Chrome => 0 B
Firefox => 379599516 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 46258 B
NetworkService => 9924 B
SthCo => 467268477 B

RecycleBin => 9051482 B
EmptyTemp: => 869.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:13:50 ====

[nasdaq]

Hi,

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

Post the contents of the sfcdetails.txt file for my review.

Let me know if the problem persists.
<<<>>>

[NextStep]

Thanks for staying with me.

 

I managed, somehow, to find where you reset windows. So, I reset, what could I lose! All (seemingly) back to working ok.

 

Then I did what you advised (which I tried to do before but was unable) I couldnt find a log but it said  "Windows Resource Protection did not find any integrity violation"

I do think though that was because I reset windows?

I may be wrong, as I so often am, but i dont think its a hardware issue. There was a lot of malware, which I have no idea where it came from.

 

Anything I should check now, just to be sure?

[nasdaq]

Hi,

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/


https://www.bleeping...er-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===