Computer Hope

Software => Computer viruses and spyware => Topic started by: frazz on February 07, 2018, 11:35:20 AM

Title: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 07, 2018, 11:35:20 AM
Hi, I need help ASAP, this has gone on for so, so long. I cannot get past the grasp of this Amazon cloud service; I'm somehow part of their Active Directory and joined up through the proxy. It is either Amazon or Akamai. I can explain later, I have months of detail and evidence. I just ran some tests though, I'll post those too. Anyway, every single device of mine is run by some hacker who remotely turned it all into a VM and uses Amazon cloud service. I bought the service just to check it out and matched up the CloudFront and VeriSign certificates, but I cannot shake them off my PC. I have reformatted at least 200 times, I try encryption whether on my PC or my router and it doesn't matter. I have spent so much money, thousands. I just got a new ASUS laptop in September; by November it is on its third laptop because the Geek Squad doesn't know it's hacked, they just think that the hard drive is not booting up. I'm assuming that's how they came to that conclusion, but on a 2 month old ASUS new new laptop, 3 hard drives in 2 months??? My phone and all my devices are all on someone's sick network, sick in the head I mean. And it's making me lose my mind. Please can someone respond to me ASAP and give me a hand. I have knowledge but I don't know anything like this. I have never even remotely connected to another computer so I don't know where to even start to look when it comes to beating the hacker remoting me. I built my PC, it's an MSI Z97 G45 Gaming mobo, i5-4690 3.5 and NV GF 760 GTX. And from all this I have learned a bunch but still not enough to even know where to begin, hence I am here. I will post logs too. Oh, and it's Windows 10 Pro.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 07, 2018, 11:37:10 AM
Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:15:44 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64)
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Users\danny\desktop\zemana.antimalware.setup.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: C:\Users\danny\appdata\local\temp\is-40o9j.tmp\zemana.antimalware.setup.tmp
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2wizard.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
Page: (HKCU\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Page: (HKLM\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Page: (HKLM\Wow6432Node\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [emsisoft anti-malware] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2guard.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.1.0.595[C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )



Look, as I was doing this they closed down the program on me and all of my browsers so I couldn't do this. I can't get a log from Malwarebytes, it just says www.malwarebytes.com. I'm serious, they are controlling my PC. This was the original log I saved, let's see if it's changed.

Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:13:59 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64)
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbaruser_32.exe
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Users\danny\desktop\zemana.antimalware.setup.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2wizard.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: C:\Users\danny\appdata\local\temp\is-40o9j.tmp\zemana.antimalware.setup.tmp
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 (default)
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 (default)
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.9.0.71&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
Page: (HKCU\Start Page) https://search.norton.com/?prt=ns&chn=oem&geo=us&ver=22.9.0.71&locale=en_us&guid=cd2a8243-b5be-4488-8524-ea0bb83a9de0&doi=2018-02-06&o=APN11915
Page: (HKLM\Start Page) http://go.microsoft.com/fwlink/p/?LinkId=255141
Page: (HKLM\Wow6432Node\Start Page) http://go.microsoft.com/fwlink/p/?LinkId=255141
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [emsisoft anti-malware] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2guard.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
AppInitDLL: [keycrypt32(1).dll] (Zemana Ltd.) C:\Program Files (x86)\keycryptsdk\keycrypt32(1).dll
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.0.0.1284[C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )



Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:25:59 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64)
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbaruser_32.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2start.exe
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
Page: (HKCU\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Page: (HKLM\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Page: (HKLM\Wow6432Node\Start Page) http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Service: [ZAM Controller Service] (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bas
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 07, 2018, 11:41:12 AM
Here is an FRST log from just now

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Danny (administrator) on DANNY-PC (07-02-2018 02:36:22)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adlice Software) C:\Program Files\UCheck\UCheck64.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe
() C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\397cffd104f9525702c352b7f8a90682\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [636984 2017-03-29] (Gemalto)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Comodo Dome Shield Tray Helper] => C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe [1765176 2018-01-05] (COMODO Security Solutions)
HKLM-x32\...\Run: [Comodo Dome Shield IP Updater] => C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe [2117432 2017-12-15] (COMODO Security Solutions)
Winlogon\Notify\ScCertProp:
Winlogon\Notify\ScCertProp:
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5851936 2018-02-05] (NordVPN)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-282559497-451337721-2173362044-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [NameServer] 8.26.56.10,8.20.247.10
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b024e62-78d7-459f-bd93-21f3c937c18a}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2018-02-06] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
 
Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (TunnelBear Blocker) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2018-02-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-06]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-02-07]
CHR Extension: (uBlock Origin) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-06]
CHR Extension: (Sheets) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-02-06]
CHR Extension: (Norton Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-02-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (TunnelBear Inc.) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-02-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9303352 2018-01-31] (Emsisoft Ltd)
R2 cShield; C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe [2019648 2018-01-05] (COMODO Security Solutions)
R2 dnscrypt-proxy; C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe [235520 2017-12-26] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [420640 2018-02-05] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [326144 2017-07-14] (Symantec Corporation)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [293656 2018-02-07] (Reason Software Company Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe [48696 2017-03-29] (Gemalto)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2017-03-29] (Aladdin Knowledge Systems, Ltd.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2018-02-07] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2017-03-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2017-03-29] (SafeNet, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2017-03-29] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2018-02-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-07] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\mouclass.sys 27A07B2FB2E3057DA8DAEA4F25D843C7
C:\Windows\System32\drivers\mouhid.sys 7BD6E7F7C9001AB21B8362CFFEE80B25
C:\Windows\System32\drivers\mountmgr.sys F5BDAEE4B7D369D4C74668DCFBA3FF10
C:\Windows\System32\drivers\mpsdrv.sys 30844BD376F9D01E62C820BEF446F1F8
C:\Windows\system32\drivers\mrxdav.sys 50C2389CD04C5B8632E3DC2D733EF15D
C:\Windows\System32\DRIVERS\mrxsmb.sys C9BB4E2FCAB693FEB00CF940060D94F4
C:\Windows\System32\DRIVERS\mrxsmb10.sys 8F58AEAE00B39AC9AD93755E777B19D8
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6C83C4A8278E48455DA13E554CEB45F1
C:\Windows\System32\drivers\bridge.sys 74C9D21523DAE0C18F413C196DF0058A
C:\Windows\System32\Drivers\Msfs.sys F01B849D9D4A8CEAF32D4FDBD0B83C92
C:\Windows\System32\drivers\msgpiowin32.sys 22ECD8F5D1DFADF2011BBB1700CB871D
C:\Windows\System32\drivers\mshidkmdf.sys FD870F6968A145E4D2BA8A8842686B03
C:\Windows\System32\drivers\mshidumdf.sys 30364757963A028CE5DF0FBAAC270173
C:\Windows\System32\drivers\msisadrv.sys 6BB0FEDDAE7135FA37FFAFF4D9E0E876
C:\Windows\system32\DRIVERS\MSKSSRV.sys 13D614E6B51ECF36746C48CE829FA7F6
C:\Windows\System32\drivers\mslldp.sys 642CDE46351D5D2D90311E77072AB46D
C:\Windows\system32\DRIVERS\MSPCLOCK.sys F2302A5CE63CA7673200FAFCEEEDB6AF
C:\Windows\system32\DRIVERS\MSPQM.sys 6114512EA26E835BA522C63635429DB5
C:\Windows\System32\Drivers\MsRPC.sys AA538E16E644D00E3BA5349BBA9598EC
C:\Windows\System32\drivers\mssecflt.sys 7ACFE7435317E791FF9EED2F49B402F2
C:\Windows\System32\drivers\mssmbios.sys 0543BEFD41EC4D25C7F7CF36409CEC7D
C:\Windows\system32\DRIVERS\MSTEE.sys C1569E4DB8EFE3617847BF041A3C842F
C:\Windows\System32\drivers\MTConfig.sys 130B16970154BA9876B09E5C4BAC63BE
C:\Windows\System32\Drivers\mup.sys 15D987C8F6CCD4AC94E070C5986762CB
C:\Windows\System32\drivers\mvumis.sys 3D2C5B4995CA0751D32DEA0DE9FDFE44
C:\Windows\System32\DRIVERS\nwifi.sys DB31EBB04C871F422C36A0962DA7D38B
C:\Windows\System32\drivers\ndfltr.sys 629CB21AC49C8867E0F29DF1C16DB7B4
C:\Windows\System32\drivers\ndis.sys 36DD2C614720EC2970CB5E870BA69D8D
C:\Windows\System32\drivers\ndiscap.sys 6DD605338FAAF6BA17662AA874E0D162
C:\Windows\System32\drivers\NdisImPlatform.sys E34196F285F8B8879E1FF36C31F7179E
C:\Windows\System32\DRIVERS\ndistapi.sys 1FAD2398673F30CEC616B89C46B7DCBA
C:\Windows\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\Windows\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\Windows\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\Windows\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\Windows\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\Windows\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\Windows\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\Windows\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\Windows\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys D1AF837A1555990602A51A3ED238EC80
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\Windows\system32\drivers\nvhda64v.sys BF58D8D2DA50AF7A8E55567B7C73661A
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys C18DE336EFB00CC23FE87ADED9A9AA92
C:\Windows\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\Windows\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\Windows\System32\drivers\nvstusb.sys 28ED9DA419D92A2C3C805DC3C0E2718F
C:\Windows\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\System32\drivers\partmgr.sys F9C32E5ECA5D29852A93C3888A4CC4B2
C:\Windows\System32\drivers\pci.sys 55E45E0A89429AE9C62D728B9C4891C0
C:\Windows\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\Windows\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\Windows\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\Windows\System32\drivers\pdc.sys 2CCD68D8A6BBFF2DE0EC54F086C5F3BC
C:\Windows\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\Windows\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\Windows\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\Windows\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\Windows\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\Windows\System32\drivers\pacer.sys FC98407B85A31161851FDE245517574F
C:\Windows\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\Windows\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\Windows\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\Windows\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\Windows\System32\DRIVERS\raspppoe.sys 9387DF155233D45D4E010F4F2FB52A57
C:\Windows\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\Windows\System32\DRIVERS\rdbss.sys BBE0FC9C9E7C556DA6E6E6904739DF7E
C:\Windows\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\Windows\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\Windows\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\Windows\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\Windows\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\Windows\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\Windows\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\Windows\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\Windows\System32\drivers\scmbus.sys 9055ADDFBA4C8B914C914CE693B55C0A
C:\Windows\System32\drivers\scmdisk0101.sys B6F2363584E62960846F7C3F00124A4F
C:\Windows\System32\drivers\sdbus.sys FCBB8A17B4437B2CA8CC8DA8CB1D306E
C:\Windows\System32\drivers\sdstor.sys 120DFCB71D6C502613A9E2D50E16850C
C:\Windows\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\Windows\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\Windows\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\Windows\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\Windows\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\Windows\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS 9225E5323704993E6C557F8ABCEF2A66
C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS 96E5695385228F99509DD505EA4F1F37
C:\Windows\System32\DRIVERS\srv.sys EDCDCD95B916DB156A903AC6256F0CCF
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
C:\Windows\System32\DRIVERS\srvnet.sys 416D224AF7481A4179F018FB1F9A5B6B
C:\Windows\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\Windows\System32\drivers\storahci.sys 0FE3B9A9E40DE1029B0AC2368A3F765D
C:\Windows\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\Windows\System32\drivers\stornvme.sys C1CFB9C19BF1134D8B9A7CF89BEC0AD1
C:\Windows\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\Windows\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\Windows\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\Windows\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS 204B80C2C5B2E87E9558CC2D1C2D8BB5
C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys 3123BDBFE5CF061035D79CB3F3075F82
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 674908D3CE54EE5336DC545CB2A39702
C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS EF84A42B86BCBDCB88F3C8849170492D
C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS 8CF934DF2A8C1BDFA766D3E137A11986
C:\Windows\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\Windows\System32\drivers\tapnordvpn.sys 33956C0B1B809C416619E0526EA219F3
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpipreg.sys 8DBB1BE20C36E6D19BCC89EEA00B953C
C:\Windows\system32\DRIVERS\tdx.sys 9D2DD64A0B51C56285512DC9454340F6
C:\Windows\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\Windows\System32\drivers\tpm.sys 798C8CB861EB09C5AFB77468E5449BBB
C:\Windows\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\Windows\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\Windows\System32\drivers\tsusbhub.sys 5A91FDBA4D3FCB56DAEB8C091B3EB8E1
C:\Windows\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\Windows\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\Windows\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\Windows\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\Windows\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\Windows\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\Windows\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\Windows\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\Windows\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\Windows\system32\drivers\UevAgentDriver.sys 166B17AE1DD24D8BA8CA474C7C31148F
C:\Windows\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\Windows\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\Windows\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\Windows\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\Windows\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\Windows\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\Windows\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\Windows\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\Windows\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\Windows\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\Windows\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\Windows\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\Windows\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\Windows\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\Windows\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\Windows\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\Windows\System32\drivers\USBSTOR.SYS 0CC16F7B91C57AE9A4E44425A295FDAA
C:\Windows\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\Windows\System32\drivers\USBXHCI.SYS 95BCCEFBC40D06484CF16144FE79B8A5
C:\Windows\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\Windows\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\Windows\System32\drivers\vhdmp.sys C12B4859FC255AA6B3021CF8BB14A11F
C:\Windows\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\Windows\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\Windows\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\Windows\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\Windows\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\Windows\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\Windows\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\Windows\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\Windows\System32\drivers\vpci.sys 04BEC879AD7B3FDDD0339B19FECB0160
C:\Windows\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\Windows\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\Windows\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\Windows\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\Windows\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\system32\drivers\wcifs.sys CD24DEEA22152524CCFE859591D12A57
C:\Windows\system32\drivers\wcnfs.sys AEA1093B751339267D8C8C1EF3D669CF
C:\Windows\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\Windows\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\Windows\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\Windows\System32\DRIVERS\wdiwifi.sys 373DF27CD5D5E50FFA2A90FEE0C0D994
C:\Windows\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\Windows\System32\drivers\wfplwfs.sys E1785942AC51FEE6826CDF02075C5AA9
C:\Windows\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\Windows\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\Windows\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\Windows\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\Windows\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys EDADABA8665AB5C51BF59C4E2566BA7E
C:\Windows\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\Windows\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\Windows\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\Windows\System32\drivers\WudfRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\System32\drivers\xboxgip.sys 59335CEA021FB89E07AD5DB5D17F09D0
C:\Windows\System32\drivers\xinputhid.sys 864F4209B03BE4267DDE09B067A165CA
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-07 02:36 - 2018-02-07 02:36 - 000049497 _____ C:\Users\Danny\Desktop\FRST.txt
2018-02-07 02:35 - 2018-02-07 02:35 - 000145581 _____ C:\Users\Danny\Desktop\first frst.txt
2018-02-07 02:26 - 2018-02-07 02:26 - 000025667 _____ C:\Users\Danny\Desktop\core diagnostic 2.txt
2018-02-07 02:20 - 2018-02-07 02:36 - 000126148 _____ C:\Windows\ZAM.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:36 - 000018472 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-07 02:16 - 2018-02-07 02:16 - 000025159 _____ C:\Users\Danny\Desktop\core log.txt
2018-02-07 02:15 - 2018-02-07 02:15 - 000025635 _____ C:\Users\Danny\Desktop\wdwd.txt
2018-02-07 02:14 - 2018-02-07 02:14 - 000025637 _____ C:\Users\Danny\Desktop\RCSSD.txt
2018-02-07 02:13 - 2018-02-07 02:13 - 000000000 ____D C:\ProgramData\Reason
2018-02-07 02:12 - 2018-02-07 02:12 - 000291606 _____ C:\Users\Danny\Desktop\TCPView.zip
2018-02-07 02:12 - 2018-02-07 02:12 - 000003624 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2018-02-07 02:12 - 2018-02-07 02:12 - 000003474 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2018-02-07 02:12 - 2018-02-07 02:12 - 000000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\Program Files\Reason
2018-02-07 02:11 - 2018-02-07 02:11 - 004257344 _____ (Reason Software Company Inc.) C:\Users\Danny\Desktop\reason-core-security-setup.exe
2018-02-07 02:10 - 2018-02-07 02:11 - 006625600 _____ (Zemana Ltd. ) C:\Users\Danny\Desktop\Zemana.AntiMalware.Setup.exe
2018-02-07 02:06 - 2018-02-07 02:27 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-02-07 02:06 - 2018-02-07 02:06 - 000000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-02-07 02:06 - 2018-02-07 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-02-07 02:01 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\e.txt
2018-02-07 01:59 - 2018-02-07 01:59 - 000001982 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\NordVpn
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Caphyon
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Local\NordVPN
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files\TAP-NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-02-07 01:57 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Roaming\NordVPN
2018-02-07 01:54 - 2018-02-07 02:04 - 000000036 _____ C:\Users\Danny\Desktop\weweew.txt
2018-02-07 01:54 - 2018-02-07 01:54 - 012822632 _____ (NordVPN) C:\Users\Danny\Desktop\NordVPNSetup.exe
2018-02-07 01:46 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\mbytesscan2-7.txt
2018-02-07 01:40 - 2017-12-31 23:51 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-02-07 01:40 - 2017-12-31 23:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-02-07 01:40 - 2017-12-31 23:48 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-02-07 01:40 - 2017-12-31 23:41 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-02-07 01:40 - 2017-12-31 23:39 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-02-07 01:40 - 2017-11-17 22:29 - 002321408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-02-07 01:40 - 2017-11-01 17:12 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-02-07 01:40 - 2017-11-01 17:05 - 000297984 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-02-07 01:40 - 2017-10-08 20:44 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-02-07 01:40 - 2017-10-08 20:43 - 001231360 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-02-07 01:40 - 2017-09-17 21:27 - 000326656 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-02-07 01:40 - 2017-09-07 00:53 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:52 - 000557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-09-07 00:18 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:16 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:15 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-08-22 00:09 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-02-07 01:40 - 2017-08-22 00:08 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:06 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:05 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2018-02-07 01:40 - 2017-08-22 00:04 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2018-02-07 01:40 - 2017-08-21 23:57 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-02-07 01:40 - 2017-08-21 23:47 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-02-07 01:40 - 2017-07-12 00:23 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-02-07 01:40 - 2017-07-12 00:12 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2018-02-07 01:40 - 2017-06-21 01:50 - 001054208 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2018-02-07 01:40 - 2017-03-04 01:36 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\DuCsps.dll
2018-02-07 01:40 - 2016-11-11 04:23 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\EAMProgressHandler.dll
2018-02-07 01:40 - 2016-08-05 23:16 - 000026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-02-07 01:40 - 2016-08-05 22:48 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-02-07 01:39 - 2016-12-21 02:08 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-02-07 01:39 - 2016-12-20 23:44 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-02-07 01:37 - 2018-02-07 01:38 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (2).msi
2018-02-07 01:34 - 2018-02-07 01:35 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (1).msi
2018-02-07 01:33 - 2018-02-07 02:36 - 000000000 ____D C:\FRST
2018-02-07 01:32 - 2018-02-07 01:32 - 001159168 _____ C:\Users\Danny\Desktop\cShieldIpUpdaterAgent.msi
2018-02-07 01:32 - 2018-02-07 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-02-07 01:31 - 2018-02-07 01:33 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2018-02-07 01:31 - 2018-02-06 23:29 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-02-07 01:30 - 2018-02-07 01:30 - 001875480 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mbae-setup-1.10.1.41.exe
2018-02-07 01:27 - 2018-02-07 01:32 - 000000000 ____D C:\AdwCleaner
2018-02-07 01:26 - 2018-02-07 01:26 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-07 01:25 - 2018-02-07 01:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2018-02-07 01:25 - 2018-02-07 01:32 - 000000000 ____D C:\Program Files (x86)\COMODO
2018-02-07 01:24 - 2018-02-07 01:24 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent.msi
2018-02-07 01:10 - 2018-02-07 02:27 - 000000000 ____D C:\ProgramData\Emsisoft
2018-02-07 01:07 - 2018-02-07 01:23 - 000000000 ____D C:\EEK
2018-02-07 01:06 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\Windows\system32\osrss.dll
2018-02-07 01:05 - 2018-02-07 01:53 - 1574456320 _____ C:\Users\Danny\Desktop\domefirewall.ova
2018-02-07 01:04 - 2018-02-07 01:51 - 1149382656 _____ C:\Users\Danny\Desktop\domefirewall.iso
2018-02-07 01:03 - 2018-02-07 02:07 - 000000000 ____D C:\Users\Danny\AppData\Local\NPE
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\Program Files\SafeNet
2018-02-07 01:02 - 2017-03-29 12:52 - 000062632 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksifdh.sys
2018-02-07 01:02 - 2017-03-29 12:52 - 000044712 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksup.sys
2018-02-07 00:59 - 2018-02-07 01:00 - 014661632 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x64-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 011384320 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x32-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 000717017 _____ C:\Users\Danny\Desktop\comodocertificateautoinstaller (1).pdf
2018-02-07 00:58 - 2018-02-07 00:58 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca (1).crt
2018-02-07 00:58 - 2018-02-07 00:58 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca (1).crt
2018-02-07 00:57 - 2018-02-07 00:57 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca (2).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001635 _____ C:\Users\Danny\Desktop\comodosha256codesigningca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (4).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (3).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000002114 _____ C:\Users\Danny\Desktop\incommonrsacodesigningca.crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca (1).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (2).crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005608 _____ C:\Users\Danny\Desktop\incommonrsaserverca-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005593 _____ C:\Users\Danny\Desktop\incommonrsacodesigning-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002130 _____ C:\Users\Danny\Desktop\incommonrsaserverca_2.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca (1).crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001952 _____ C:\Users\Danny\Desktop\comodorsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (1).crt
2018-02-07 00:51 - 2018-02-07 00:51 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca.crt
2018-02-07 00:49 - 2018-02-0
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 07, 2018, 11:43:30 AM
Here is an FRST log from just now

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Danny (administrator) on DANNY-PC (07-02-2018 02:36:22)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adlice Software) C:\Program Files\UCheck\UCheck64.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe
() C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\397cffd104f9525702c352b7f8a90682\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [636984 2017-03-29] (Gemalto)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Comodo Dome Shield Tray Helper] => C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe [1765176 2018-01-05] (COMODO Security Solutions)
HKLM-x32\...\Run: [Comodo Dome Shield IP Updater] => C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe [2117432 2017-12-15] (COMODO Security Solutions)
Winlogon\Notify\ScCertProp:
Winlogon\Notify\ScCertProp:
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5851936 2018-02-05] (NordVPN)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-282559497-451337721-2173362044-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [NameServer] 8.26.56.10,8.20.247.10
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b024e62-78d7-459f-bd93-21f3c937c18a}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2018-02-06] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
 
Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (TunnelBear Blocker) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2018-02-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-06]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-02-07]
CHR Extension: (uBlock Origin) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-06]
CHR Extension: (Sheets) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-02-06]
CHR Extension: (Norton Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-02-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (TunnelBear Inc.) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-02-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9303352 2018-01-31] (Emsisoft Ltd)
R2 cShield; C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe [2019648 2018-01-05] (COMODO Security Solutions)
R2 dnscrypt-proxy; C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe [235520 2017-12-26] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [420640 2018-02-05] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [326144 2017-07-14] (Symantec Corporation)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [293656 2018-02-07] (Reason Software Company Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe [48696 2017-03-29] (Gemalto)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2017-03-29] (Aladdin Knowledge Systems, Ltd.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2018-02-07] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2017-03-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2017-03-29] (SafeNet, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2017-03-29] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2018-02-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-07] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\Windows\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\Windows\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\Windows\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\Windows\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\Windows\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\Windows\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\Windows\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\Windows\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys D1AF837A1555990602A51A3ED238EC80
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\Windows\system32\drivers\nvhda64v.sys BF58D8D2DA50AF7A8E55567B7C73661A
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys C18DE336EFB00CC23FE87ADED9A9AA92
C:\Windows\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\Windows\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\Windows\System32\drivers\nvstusb.sys 28ED9DA419D92A2C3C805DC3C0E2718F
C:\Windows\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\System32\drivers\partmgr.sys F9C32E5ECA5D29852A93C3888A4CC4B2
C:\Windows\System32\drivers\pci.sys 55E45E0A89429AE9C62D728B9C4891C0
C:\Windows\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\Windows\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\Windows\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\Windows\System32\drivers\pdc.sys 2CCD68D8A6BBFF2DE0EC54F086C5F3BC
C:\Windows\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\Windows\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\Windows\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\Windows\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\Windows\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\Windows\System32\drivers\pacer.sys FC98407B85A31161851FDE245517574F
C:\Windows\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\Windows\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\Windows\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\Windows\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\Windows\System32\DRIVERS\raspppoe.sys 9387DF155233D45D4E010F4F2FB52A57
C:\Windows\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\Windows\System32\DRIVERS\rdbss.sys BBE0FC9C9E7C556DA6E6E6904739DF7E
C:\Windows\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\Windows\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\Windows\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\Windows\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\Windows\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\Windows\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\Windows\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\Windows\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\Windows\System32\drivers\scmbus.sys 9055ADDFBA4C8B914C914CE693B55C0A
C:\Windows\System32\drivers\scmdisk0101.sys B6F2363584E62960846F7C3F00124A4F
C:\Windows\System32\drivers\sdbus.sys FCBB8A17B4437B2CA8CC8DA8CB1D306E
C:\Windows\System32\drivers\sdstor.sys 120DFCB71D6C502613A9E2D50E16850C
C:\Windows\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\Windows\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\Windows\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\Windows\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\Windows\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\Windows\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS 9225E5323704993E6C557F8ABCEF2A66
C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS 96E5695385228F99509DD505EA4F1F37
C:\Windows\System32\DRIVERS\srv.sys EDCDCD95B916DB156A903AC6256F0CCF
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
C:\Windows\System32\DRIVERS\srvnet.sys 416D224AF7481A4179F018FB1F9A5B6B
C:\Windows\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\Windows\System32\drivers\storahci.sys 0FE3B9A9E40DE1029B0AC2368A3F765D
C:\Windows\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\Windows\System32\drivers\stornvme.sys C1CFB9C19BF1134D8B9A7CF89BEC0AD1
C:\Windows\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\Windows\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\Windows\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\Windows\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS 204B80C2C5B2E87E9558CC2D1C2D8BB5
C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys 3123BDBFE5CF061035D79CB3F3075F82
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 674908D3CE54EE5336DC545CB2A39702
C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS EF84A42B86BCBDCB88F3C8849170492D
C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS 8CF934DF2A8C1BDFA766D3E137A11986
C:\Windows\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\Windows\System32\drivers\tapnordvpn.sys 33956C0B1B809C416619E0526EA219F3
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpipreg.sys 8DBB1BE20C36E6D19BCC89EEA00B953C
C:\Windows\system32\DRIVERS\tdx.sys 9D2DD64A0B51C56285512DC9454340F6
C:\Windows\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\Windows\System32\drivers\tpm.sys 798C8CB861EB09C5AFB77468E5449BBB
C:\Windows\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\Windows\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\Windows\System32\drivers\tsusbhub.sys 5A91FDBA4D3FCB56DAEB8C091B3EB8E1
C:\Windows\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\Windows\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\Windows\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\Windows\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\Windows\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\Windows\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\Windows\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\Windows\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\Windows\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\Windows\system32\drivers\UevAgentDriver.sys 166B17AE1DD24D8BA8CA474C7C31148F
C:\Windows\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\Windows\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\Windows\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\Windows\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\Windows\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\Windows\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\Windows\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\Windows\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\Windows\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\Windows\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\Windows\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\Windows\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\Windows\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\Windows\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\Windows\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\Windows\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\Windows\System32\drivers\USBSTOR.SYS 0CC16F7B91C57AE9A4E44425A295FDAA
C:\Windows\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\Windows\System32\drivers\USBXHCI.SYS 95BCCEFBC40D06484CF16144FE79B8A5
C:\Windows\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\Windows\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\Windows\System32\drivers\vhdmp.sys C12B4859FC255AA6B3021CF8BB14A11F
C:\Windows\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\Windows\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\Windows\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\Windows\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\Windows\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\Windows\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\Windows\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\Windows\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\Windows\System32\drivers\vpci.sys 04BEC879AD7B3FDDD0339B19FECB0160
C:\Windows\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\Windows\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\Windows\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\Windows\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\Windows\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\system32\drivers\wcifs.sys CD24DEEA22152524CCFE859591D12A57
C:\Windows\system32\drivers\wcnfs.sys AEA1093B751339267D8C8C1EF3D669CF
C:\Windows\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\Windows\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\Windows\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\Windows\System32\DRIVERS\wdiwifi.sys 373DF27CD5D5E50FFA2A90FEE0C0D994
C:\Windows\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\Windows\System32\drivers\wfplwfs.sys E1785942AC51FEE6826CDF02075C5AA9
C:\Windows\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\Windows\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\Windows\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\Windows\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\Windows\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys EDADABA8665AB5C51BF59C4E2566BA7E
C:\Windows\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\Windows\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\Windows\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\Windows\System32\drivers\WudfRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\System32\drivers\xboxgip.sys 59335CEA021FB89E07AD5DB5D17F09D0
C:\Windows\System32\drivers\xinputhid.sys 864F4209B03BE4267DDE09B067A165CA
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
 
 

==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-07 02:36 - 2018-02-07 02:36 - 000049497 _____ C:\Users\Danny\Desktop\FRST.txt
2018-02-07 02:35 - 2018-02-07 02:35 - 000145581 _____ C:\Users\Danny\Desktop\first frst.txt
2018-02-07 02:26 - 2018-02-07 02:26 - 000025667 _____ C:\Users\Danny\Desktop\core diagnostic 2.txt
2018-02-07 02:20 - 2018-02-07 02:36 - 000126148 _____ C:\Windows\ZAM.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:36 - 000018472 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-07 02:16 - 2018-02-07 02:16 - 000025159 _____ C:\Users\Danny\Desktop\core log.txt
2018-02-07 02:15 - 2018-02-07 02:15 - 000025635 _____ C:\Users\Danny\Desktop\wdwd.txt
2018-02-07 02:14 - 2018-02-07 02:14 - 000025637 _____ C:\Users\Danny\Desktop\RCSSD.txt
2018-02-07 02:13 - 2018-02-07 02:13 - 000000000 ____D C:\ProgramData\Reason
2018-02-07 02:12 - 2018-02-07 02:12 - 000291606 _____ C:\Users\Danny\Desktop\TCPView.zip
2018-02-07 02:12 - 2018-02-07 02:12 - 000003624 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2018-02-07 02:12 - 2018-02-07 02:12 - 000003474 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2018-02-07 02:12 - 2018-02-07 02:12 - 000000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\Program Files\Reason
2018-02-07 02:11 - 2018-02-07 02:11 - 004257344 _____ (Reason Software Company Inc.) C:\Users\Danny\Desktop\reason-core-security-setup.exe
2018-02-07 02:10 - 2018-02-07 02:11 - 006625600 _____ (Zemana Ltd. ) C:\Users\Danny\Desktop\Zemana.AntiMalware.Setup.exe
2018-02-07 02:06 - 2018-02-07 02:27 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-02-07 02:06 - 2018-02-07 02:06 - 000000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-02-07 02:06 - 2018-02-07 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-02-07 02:01 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\e.txt
2018-02-07 01:59 - 2018-02-07 01:59 - 000001982 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\NordVpn
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Caphyon
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Local\NordVPN
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files\TAP-NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-02-07 01:57 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Roaming\NordVPN
2018-02-07 01:54 - 2018-02-07 02:04 - 000000036 _____ C:\Users\Danny\Desktop\weweew.txt
2018-02-07 01:54 - 2018-02-07 01:54 - 012822632 _____ (NordVPN) C:\Users\Danny\Desktop\NordVPNSetup.exe
2018-02-07 01:46 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\mbytesscan2-7.txt
2018-02-07 01:40 - 2017-12-31 23:51 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-02-07 01:40 - 2017-12-31 23:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-02-07 01:40 - 2017-12-31 23:48 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-02-07 01:40 - 2017-12-31 23:41 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-02-07 01:40 - 2017-12-31 23:39 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-02-07 01:40 - 2017-11-17 22:29 - 002321408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-02-07 01:40 - 2017-11-01 17:12 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-02-07 01:40 - 2017-11-01 17:05 - 000297984 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-02-07 01:40 - 2017-10-08 20:44 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-02-07 01:40 - 2017-10-08 20:43 - 001231360 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-02-07 01:40 - 2017-09-17 21:27 - 000326656 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-02-07 01:40 - 2017-09-07 00:53 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:52 - 000557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-09-07 00:18 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:16 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:15 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-08-22 00:09 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-02-07 01:40 - 2017-08-22 00:08 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:06 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:05 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2018-02-07 01:40 - 2017-08-22 00:04 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2018-02-07 01:40 - 2017-08-21 23:57 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-02-07 01:40 - 2017-08-21 23:47 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-02-07 01:40 - 2017-07-12 00:23 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-02-07 01:40 - 2017-07-12 00:12 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2018-02-07 01:40 - 2017-06-21 01:50 - 001054208 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2018-02-07 01:40 - 2017-03-04 01:36 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\DuCsps.dll
2018-02-07 01:40 - 2016-11-11 04:23 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\EAMProgressHandler.dll
2018-02-07 01:40 - 2016-08-05 23:16 - 000026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-02-07 01:40 - 2016-08-05 22:48 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-02-07 01:39 - 2016-12-21 02:08 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-02-07 01:39 - 2016-12-20 23:44 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-02-07 01:37 - 2018-02-07 01:38 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (2).msi
2018-02-07 01:34 - 2018-02-07 01:35 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (1).msi
2018-02-07 01:33 - 2018-02-07 02:36 - 000000000 ____D C:\FRST
2018-02-07 01:32 - 2018-02-07 01:32 - 001159168 _____ C:\Users\Danny\Desktop\cShieldIpUpdaterAgent.msi
2018-02-07 01:32 - 2018-02-07 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-02-07 01:31 - 2018-02-07 01:33 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2018-02-07 01:31 - 2018-02-06 23:29 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-02-07 01:30 - 2018-02-07 01:30 - 001875480 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mbae-setup-1.10.1.41.exe
2018-02-07 01:27 - 2018-02-07 01:32 - 000000000 ____D C:\AdwCleaner
2018-02-07 01:26 - 2018-02-07 01:26 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-07 01:25 - 2018-02-07 01:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2018-02-07 01:25 - 2018-02-07 01:32 - 000000000 ____D C:\Program Files (x86)\COMODO
2018-02-07 01:24 - 2018-02-07 01:24 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent.msi
2018-02-07 01:10 - 2018-02-07 02:27 - 000000000 ____D C:\ProgramData\Emsisoft
2018-02-07 01:07 - 2018-02-07 01:23 - 000000000 ____D C:\EEK
2018-02-07 01:06 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\Windows\system32\osrss.dll
2018-02-07 01:05 - 2018-02-07 01:53 - 1574456320 _____ C:\Users\Danny\Desktop\domefirewall.ova
2018-02-07 01:04 - 2018-02-07 01:51 - 1149382656 _____ C:\Users\Danny\Desktop\domefirewall.iso
2018-02-07 01:03 - 2018-02-07 02:07 - 000000000 ____D C:\Users\Danny\AppData\Local\NPE
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\Program Files\SafeNet
2018-02-07 01:02 - 2017-03-29 12:52 - 000062632 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksifdh.sys
2018-02-07 01:02 - 2017-03-29 12:52 - 000044712 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksup.sys
2018-02-07 00:59 - 2018-02-07 01:00 - 014661632 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x64-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 011384320 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x32-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 000717017 _____ C:\Users\Danny\Desktop\comodocertificateautoinstaller (1).pdf
2018-02-07 00:58 - 2018-02-07 00:58 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca (1).crt
2018-02-07 00:58 - 2018-02-07 00:58 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca (1).crt
2018-02-07 00:57 - 2018-02-07 00:57 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca (2).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001635 _____ C:\Users\Danny\Desktop\comodosha256codesigningca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (4).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (3).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000002114 _____ C:\Users\Danny\Desktop\incommonrsacodesigningca.crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca (1).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (2).crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005608 _____ C:\Users\Danny\Desktop\incommonrsaserverca-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005593 _____ C:\Users\Danny\Desktop\incommonrsacodesigning-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002130 _____ C:\Users\Danny\Desktop\incommonrsaserverca_2.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca (1).crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001952 _____ C:\Users\Danny\Desktop\comodorsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (1).crt
2018-02-07 00:51 - 2018-02-07 00:51 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca.crt
2018-02-
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 07, 2018, 11:47:50 AM
Here is the fixlog from the first FRST scan, not the second.

Here is the fixlog because I do know how to use the tool... But don't forget I formatted this PC a couple hours ago; it doesn't even have the newest Win 10 yet. And I know about the multiple AVs; I was trying to get logs for you.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 01:50:02) Run:1
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start:
 
 
CloseProcesses:
EmptyTemp:
DeleteQuarantine:
Hosts:
RemoveProxy:
 
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\NPE.exe
 
 
CMD: netsh winsock reset catalog
CMD: netsh winsock reset c:\resetlog.txt
CMD: netsh winsock reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ip reset c:\log.txt
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
RemoveProxy:
bitsadmin /reset /allusers
CMD: bitsadmin /reset /allusers
 
 
 
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Task: Unhide: Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Task: Unhide: Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Task: Unhide: Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Task: Unhide: Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
 
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
Task: RemoveKey: ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: RemoveKey: ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
Task: RemoveKey: ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
Task: RemoveKey: ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
Task: RemoveKey: ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
 
 
Task: RemoveKey: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: RemoveKey: {1E087CEA-BDF2-4455-A683-A8FA6DD163D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: RemoveKey: {22DC766C-9ACA-4FF3-8F57-8F1B27BB5E55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation)
Task: RemoveKey: {3704827F-AF35-40D1-ACA9-DE5DA1C6633C} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: RemoveKey: {578689B9-C8D7-4E1F-854B-8553AF4A4FFA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {7494753E-4913-47AE-9451-CD65276B03A9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {AF29A97C-32FC-45C5-A8F0-29FF0035D776} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {B497D2A1-24B5-4DDD-8A27-03A6DBB17510} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
Task: RemoveKey: R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
Task: RemoveKey: R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
Task: RemoveKey: R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
Task: RemoveKey: R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
Task: RemoveKey: R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
Task: RemoveDirectory:  "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d
Task: RemoveDirectory: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
Task: RemoveKey: R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
Task: RemoveKey: R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
Task: RemoveKey: R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [76192 2017-12-18] ()
Task: RemoveKey: R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
Task: RemoveKey: R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
Task: RemoveKey: R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
Task: RemoveKey: S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
Task: RemoveKey: R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
Task: RemoveKey: R1 SMR520; C:\Windows\System32\drivers\SMR520.SYS [119960 2018-02-07] (Symantec Corporation)
Task: RemoveKey: R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2018-02-07] (Symantec Corporation)
Task: RemoveKey: R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
Task: RemoveKey: S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
Task: Restore: HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
Task: Restore: HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
Task: Restore: HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
Task: Restore: HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
Task: Restore: AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
 
 
RemoveProxy:
 
 
End:
 
 
*****************
 
Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
"C:\FRST\Quarantine" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe => No running process found
C:\Windows\System32\igfxCUIService.exe => No running process found
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe => No running process found
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe => Could not close process
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe => No running process found
C:\MSI\MSIRegister\MSIRegisterService.exe => No running process found
C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe => Could not close process
C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe => No running process found
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe => Could not close process
C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe => Could not close process
C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe => No running process found
C:\Windows\System32\igfxEM.exe => No running process found
C:\Windows\System32\igfxHK.exe => No running process found
C:\Windows\System32\igfxTray.exe => No running process found
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe => No running process found
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe => Could not close process
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe => Could not close process
C:\Windows\syswow64\wbem\WmiPrvSE.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe => Could not close process
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe => No running process found
C:\Program Files (x86)\MSI\Live Update\Live Update.exe => No running process found
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\NPE.exe => No running process found
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset c:\resetlog.txt =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\log.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::d0cb:21cb:458a:e804%4
   Default Gateway . . . . . . . . . :
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2844:4e2:bcea:b88b%3
   Default Gateway . . . . . . . . . :
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::d0cb:21cb:458a:e804%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.112
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2844:4e2:bcea:b88b%3
   Default Gateway . . . . . . . . . :
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
bitsadmin /reset /allusers => Error: No automatic fix found for this entry.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}\\SystemComponent" => removed successfully
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c7f54569-0018-439c-809a-48046a4d4ebc}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77C95134-CA2D-4614-9C86-55B7A6A281AA}\\SystemComponent" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
"HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}" => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removed successfully
"HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\NvCplDesktopContext" => removed successfully
"HKLM\Software\Classes\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found
Task: RemoveKey: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com) => Error: No automatic fix found for this entry.
Task: RemoveKey: {1E087CEA-BDF2-4455-A683-A8FA6DD163D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {22DC766C-9ACA-4FF3-8F57-8F1B27BB5E55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {3704827F-AF35-40D1-ACA9-DE5DA1C6633C} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {578689B9-C8D7-4E1F-854B-8553AF4A4FFA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {7494753E-4913-47AE-9451-CD65276B03A9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {AF29A97C-32FC-45C5-A8F0-29FF0035D776} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {B497D2A1-24B5-4DDD-8A27-03A6DBB17510} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X] => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 => Error: No automatic fix found for this entry.
"Task: "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d" => not found
"Task: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000" => not found
Task: RemoveKey: R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [76192 2017-12-18] () => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SMR520; C:\Windows\System32\drivers\SMR520.SYS [119960 2018-02-07] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2018-02-07] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X] => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X] => Error: No automatic fix found for this entry.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: ZALFree" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: Live Update" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: MSIRegister" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: Malwarebytes Anti-Exploit" => not found
"Task: Restore: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL" => Value data not found.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
End: => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 567412 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8535690 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1916942 B
Edge => 5081112 B
Chrome => 42167778 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 5656 B
NetworkService => 5950 B
Danny => 8004725 B
 
RecycleBin => 0 B
EmptyTemp: => 63.2 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-02-2018 01:51:08)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
 
==== End of Fixlog 01:51:08
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: DaveLembke on February 08, 2018, 09:23:53 AM
Quote
Look as I was doing this they closed down the program on me and all of my browsers so I couldn't do this, I can't get a log from malwarebytes it just says www.malwarebytes.com I'm serious they are controlling my pc. This was the original log I saved, let's see if it's changed

When gathering information, do this with the system "disconnected from the internet". Either unplug the ethernet cable or, if it's wireless, shut off the network adapter so that there is no remote access. If you feel that someone is able to remotely access this system then don't bring it back online, and work on it in offline mode.

Do you happen to have your system recovery media for this system if it leads down the path to performing a clean install?

Does this system have anything important on it or would it not matter if you wiped it clean and started new with a clean build?
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: BC_Programmer on February 08, 2018, 10:11:55 AM
And if the same behaviours persist when the system is literally disconnected from the internet then that conclusively proves the behaviour is not caused by "remote hackers". If one is still convinced even after that, then I'd suggest a Carbon Monoxide detector.

Akamai is used by Windows Update. I'm unsure what "matching up certificates" means but Verisign is a root certificate authority so a vast number of certificates will probably "match up" to it. Cloudfront is used by loads of streaming services.

I've found that at a certain user skill level, everything points to "remote hackers", and I get the impression that this may be the case here, particularly since terms like VM don't actually make any sense in the context they are used. Without the gathered knowledge about stuff, a lot of aspects of the system can seem suspicious or wrong and thus serve as "evidence" that there is some foul remote hacker in action.

I once resolved a user's issues with a "Korean Hacker" who was "randomly flipping my audio from my headphones and back to get his jollies" by plugging the headphones in all the way.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: Salmon Trout on February 08, 2018, 11:31:25 AM
Quote
And it's making me lose my mind.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: Salmon Trout on February 08, 2018, 11:43:42 AM
Quote
I once resolved a user's issues with a "Korean Hacker" who was "randomly flipping my audio from my headphones and back to get his jollies" by plugging the headphones in all the way.

There is a story about the early days of the telephone in London around 1880. The wires were strung from pole to pole along the streets and used to hum and sing in the wind. Some people said that if you listened carefully you could make out the conversations being carried along the wires. A respectable middle aged lady is supposed to have written to the Metropolitan Electric Telephone Company saying she hadn't minded about the wires being strung past her window, hadn't even minded about the sounds from the wires, but felt she had finally to write and protest about the filthy, obscene and scandalous nature of most of the conversations she could clearly hear.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 09, 2018, 06:26:04 PM
Quote
When gathering information, do this with the system "disconnected from the internet". Either unplug the ethernet cable or, if it's wireless, shut off the network adapter so that there is no remote access. If you feel that someone is able to remotely access this system then don't bring it back online, and work on it in offline mode.
Do you happen to have your system recovery media for this system if it leads down the path to performing a clean install?
Does this system have anything important on it or would it not matter if you wiped it clean and started new with a clean build?

Yes, I have already formatted about 10 times since this post, probably more. And I have nothing important on it at all. When I format without the internet I go into the registry and there is another product key, and enterprise settings/installers ready to be loaded already. Also somehow my win10 pro cd key like I said becomes an enterprise cd key because I will go to certain places and get the not allowed for enterprise accounts, when I don't have an enterprise account. My cd key which I have bought more than one of are all pro and 1 home. And because someone can somehow enroll my device into their cloud network it doesn't matter if it's offline, it's still controlled.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 10, 2018, 07:37:25 AM
Quote
And if the same behaviours persist when the system is literally disconnected from the internet then that conclusively proves the behaviour is not caused by "remote hackers". If one is still convinced even after that, then I'd suggest a Carbon Monoxide detector.
Akamai is used by Windows Update. I'm unsure what "matching up certificates" means but Verisign is a root certificate authority so a vast number of certificates will probably "match up" to it. Cloudfront is used by loads of streaming services.
I've found that at a certain user skill level, everything points to "remote hackers", and I get the impression that this may be the case here, particularly since terms like VM don't actually make any sense in the context they are used. Without the gathered knowledge about stuff, a lot of aspects of the system can seem suspicious or wrong and thus serve as "evidence" that there is some foul remote hacker in action.
I once resolved a user's issues with a "Korean Hacker" who was "randomly flipping my audio from my headphones and back to get his jollies" by plugging the headphones in all the way.

Look I don’t claim to be a wiz by any means, when this all started I had no clue what encryption meant, but why is my cd key all of a sudden an enterprise key? Why can I literally install the exact same cd key onto multiple solid state ssds as its own windows version but same key. Why did the geek squad say 3 brand new ssd hard drives on my brand new asus laptop and I’m talking within a 2 month period 3 hard drives came back as not booting up aka because the pc was turned into a vm. Why am I on my 58th email address? Look I know what I’m talking about but I’m not a hacker so maybe I don’t have the lingo down but I guarantee you if you ask me anything you don’t think I know, I know the answer. And I’m picking up on the right things. Akamai does not host Microsoft or apple servers and everything I download is from iTunes.apple.akadns or an Akamai dns or akamaiedge or akamized.microsoft and what not. The two largest companies in software do not have third party download sites, and I know for a fact my motherboard providers who I called and checked with adobe use them. Every single ducking download I get comes from Akamai. That’s not right.
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 10, 2018, 07:41:19 AM
Not to mention Akamai headquarters is a half hour away so it wouldn’t be hard for someone to make it look very normal. And another thing I’m connected to an ipv6 server and my isp doesn’t offer ipv6. Also I’m connected to a windows server in Virginia, I have all the IPs. I traced down ips in Ohio Florida va Wisconsin Seattle and couple other places that are constantly in my pc and devices, they all come back to Akamai and amazon servers. And my registry shows me as joined to an active directory thru the authenticated proxy it sets up automatically but I can’t get rid of it, even when I remove it it just comes back on start up. Why are all my drivers and certificates from 1999-20006 when I built this pc in 2014 and have never had an old version of windows on it. Besides what was current in 2014 and has been released
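The domain-join, virtual-machine and edition questions raised in the posts above can be read straight from the machine. The following is an added example, not part of the thread or any poster's own code: it assumes Windows 10 with PowerShell 5.1, only reads state, and the function names `Get-JoinState` and `Get-ManagementSummary` are made up for illustration.

```powershell
# Added example: read-only checks, run from a PowerShell 5.1 prompt on Windows 10.
# Get-JoinState and Get-ManagementSummary are illustrative names, not Windows cmdlets.

function Get-JoinState {
    # dsregcmd.exe /status prints "Name : Value" lines; keep only the join flags.
    $wanted = 'AzureAdJoined', 'EnterpriseJoined', 'DomainJoined', 'WorkplaceJoined'
    $state  = [ordered]@{}
    $exe    = Join-Path $env:SystemRoot 'System32\dsregcmd.exe'
    foreach ($line in (& $exe /status)) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S+)\s*$' -and $wanted -contains $Matches[1]) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Get-ManagementSummary {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cv   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $join = Get-JoinState

    # The Workplace Join tasks (Automatic-Device-Join and others) ship with
    # Windows 10; their presence in a task listing is not evidence of a join.
    $tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -ErrorAction SilentlyContinue |
        ForEach-Object { '{0}={1}' -f $_.TaskName, $_.State }

    [pscustomobject]@{
        # On-premises Active Directory membership. When PartOfDomain is False,
        # the Domain property holds the workgroup name instead.
        PartOfDomain       = $cs.PartOfDomain
        DomainOrWorkgroup  = $cs.Domain
        # Cloud or workplace registration as reported by dsregcmd (YES / NO)
        AzureAdJoined      = $join['AzureAdJoined']
        EnterpriseJoined   = $join['EnterpriseJoined']
        DomainJoined       = $join['DomainJoined']
        WorkplaceJoined    = $join['WorkplaceJoined']
        # A guest VM reports the hypervisor vendor here (for example
        # "Virtual Machine", "VMware Virtual Platform", "VirtualBox");
        # physical hardware reports the board or OEM model.
        Manufacturer       = $cs.Manufacturer
        Model              = $cs.Model
        # Installed edition, independent of which product key was typed in
        OsCaption          = $os.Caption
        EditionID          = $cv.EditionID
        WorkplaceJoinTasks = $tasks -join '; '
    }
}

Get-ManagementSummary | Format-List
```

On a PC that is not joined to anything, `PartOfDomain` is `False` and the dsregcmd flags read `NO`; running it with the network cable unplugged gives the same answers, because all of these values are local state.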
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 10, 2018, 07:57:33 AM
Quote
And if the same behaviours persist when the system is literally disconnected from the internet then that conclusively proves the behaviour is not caused by "remote hackers". If one is still convinced even after that, then I'd suggest a Carbon Monoxide detector.
Akamai is used by Windows Update. I'm unsure what "matching up certificates" means but Verisign is a root certificate authority so a vast number of certificates will probably "match up" to it. Cloudfront is used by loads of streaming services.
I've found that at a certain user skill level, everything points to "remote hackers", and I get the impression that this may be the case here, particularly since terms like VM don't actually make any sense in the context they are used. Without the gathered knowledge about stuff, a lot of aspects of the system can seem suspicious or wrong and thus serve as "evidence" that there is some foul remote hacker in action.
I once resolved a user's issues with a "Korean Hacker" who was "randomly flipping my audio from my headphones and back to get his jollies" by plugging the headphones in all the way.

This stuff was in my startup before I even had access to the internet, I mean I unplugged every single thing that has any sort of internet or com or bluetooth access, tvs, everything, and formatted thru recovery with the recycle option which is supposed to rid the pc of everything, here.

Oh and btw all of this stuff said yes and was checked and turned on, if the log says otherwise it's due to me logging after I said no to every single one. I don't even have some of the directories and I searched for the exe files it claimed to use and I lacked most of those too. That says virtual machine to me, where else would these be installing from?? The other pc that is creating my machine into a virtual, and another thing, all the vm appv services are turned on in the registry and active, not just appv but the vmv and the vm file types are all in use. But they show or don't show in the services, meaning they show they are off or don't appear as a service in the list but in the registry it's clearly active.

No   Task   Account Cleanup   Microsoft Corporation   %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance   \Microsoft\Windows\SharedPC
No   Task   AikCertEnrollTask         \Microsoft\Windows\CertificateServicesClient
No   Task   AnalyzeSystem         \Microsoft\Windows\Power Efficiency Diagnostics
No   Task   Automatic-Device-Join   Microsoft Corporation   %SystemRoot%\System32\dsregcmd.exe   \Microsoft\Windows\Workplace Join
No   Task   BgTaskRegistrationMaintenanceTask         \Microsoft\Windows\BrokerInfrastructure
Yes   Task   CleanupTemporaryState   Microsoft Corporation   %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState   \Microsoft\Windows\ApplicationData
No   Task   Consolidator   Microsoft Corporation   %SystemRoot%\System32\wsqmcons.exe   \Microsoft\Windows\Customer Experience Improvement Program
No   Task   CryptoPolicyTask         \Microsoft\Windows\CertificateServicesClient
No   Task   Data Integrity Scan         \Microsoft\Windows\Data Integrity Scan
No   Task   Device   Microsoft Corporation   %windir%\system32\devicecensus.exe   \Microsoft\Windows\Device Information
No   Task   Diagnostics   Microsoft Corporation   %windir%\system32\disksnapshot.exe -z   \Microsoft\Windows\DiskFootprint
No   Task   DmClient   Microsoft Corporation   %windir%\system32\dmclient.exe   \Microsoft\Windows\Feedback\Siuf
No   Task   DmClientOnScenarioDownload   Microsoft Corporation   %windir%\system32\dmclient.exe utcwnf   \Microsoft\Windows\Feedback\Siuf
No   Task   DsSvcCleanup   Microsoft Corporation   %windir%\system32\dstokenclean.exe   \Microsoft\Windows\ApplicationData
No   Task   EDP Policy Manager         \Microsoft\Windows\AppID
No   Task   ExploitGuard MDM policy Refresh         \Microsoft\Windows\ExploitGuard
No   Task   FamilySafetyMonitor   Microsoft Corporation   %windir%\System32\wpcmon.exe   \Microsoft\Windows\Shell
No   Task   FamilySafetyMonitorToastTask         \Microsoft\Windows\Shell
No   Task   FamilySafetyRefreshTask         \Microsoft\Windows\Shell
No   Task   File History (maintenance mode)         \Microsoft\Windows\FileHistory
No   Task   ForceSynchronizeTime         \Microsoft\Windows\Time Synchronization
No   Task   HiveUploadTask         \Microsoft\Windows\User Profile Service
No   Task   HybridDriveCachePrepopulate         \Microsoft\Windows\Sysmain
No   Task   HybridDriveCacheRebalance         \Microsoft\Windows\Sysmain
No   Task   IndexerAutomaticMaintenance         \Microsoft\Windows\Shell
Yes   Task   KeyPreGenTask         \Microsoft\Windows\CertificateServicesClient
No   Task   LoginCheck   Microsoft Corporation   %windir%\system32\sc.exe start pushtoinstall login   \Microsoft\Windows\PushToInstall
Yes   Task   LPRemove   Microsoft Corporation   %windir%\system32\lpremove.exe   \Microsoft\Windows\MUI
No   Task   MapsUpdateTask         \Microsoft\Windows\Maps
Yes   Task   Microsoft Compatibility Appraiser   Microsoft Corporation   %windir%\system32\compattelrunner.exe   \Microsoft\Windows\Application Experience
Yes   Task   MNO Metadata Parser   Microsoft Corporation   %SystemRoot%\System32\MbaeParserTask.exe   \Microsoft\Windows\Mobile Broadband Accounts
Yes   Task   MobilityManager         \Microsoft\Windows\Ras
Yes   Task   PerformRemediation   Microsoft Corporation   %systemroot%\System32\WaaSMedic.exe None   \Microsoft\Windows\WaaSMedic
No   Task   PolicyConverter   Microsoft Corporation   %windir%\system32\appidpolicyconverter.exe   \Microsoft\Windows\AppID
Yes   Task   ProactiveScan         \Microsoft\Windows\Chkdsk
Yes   Task   ProgramDataUpdater   Microsoft Corporation   %windir%\system32\compattelrunner.exe -maintenance   \Microsoft\Windows\Application Experience
No   Task   Property Definition Sync         \Microsoft\Windows\File Classification Infrastructure
Yes   Task   Proxy   Microsoft Corporation   %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations   \Microsoft\Windows\Autochk
Yes   Task   QueueReporting   Microsoft Corporation   %windir%\system32\wermgr.exe -upload   \Microsoft\Windows\Windows Error Reporting
Yes   Task   Reboot   Microsoft Corporation   %systemroot%\system32\MusNotification.exe   \Microsoft\Windows\UpdateOrchestrator
Yes   Task   Registration   Microsoft Corporation   %windir%\system32\sc.exe start pushtoinstall registration   \Microsoft\Windows\PushToInstall
Yes   Task   ResPriStaticDbSync         \Microsoft\Windows\Sysmain
No   Task   RunUpdateNotificationMgr   Microsoft Corporation   %windir%\System32\UNP\UpdateNotificationMgr.exe   \Microsoft\Windows\UNP
Yes   Task   Schedule Scan   Microsoft Corporation   %systemroot%\system32\usoclient.exe StartScan   \Microsoft\Windows\UpdateOrchestrator
Yes   Task   Scheduled Start   Microsoft Corporation   C:\Windows\system32\sc.exe start wuauserv   \Microsoft\Windows\WindowsUpdate
Yes   Task   ScheduledDefrag   Microsoft Corp.   %windir%\system32\defrag.exe -c -h -o -$   \Microsoft\Windows\Defrag
Yes   Task   Secure-Boot-Update         \Microsoft\Windows\PI
Yes   Task   SetupCleanupTask         \Microsoft\Windows\Setup
Yes   Task   SpaceAgentTask   Microsoft Corporation   %windir%\system32\SpaceAgent.exe   \Microsoft\Windows\SpacePort
Yes   Task   SpaceManagerTask   Microsoft Corporation   %windir%\system32\spaceman.exe /Work   \Microsoft\Windows\SpacePort
Yes   Task   SpeechModelDownloadTask   Microsoft Corporation   %windir%\system32\speech_onecore\common\SpeechModelDownload.exe   \Microsoft\Windows\Speech
Yes   Task   Sqm-Tasks         \Microsoft\Windows\PI
Yes   Task   SR   Microsoft Corporation   %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation   \Microsoft\Windows\SystemRestore
Yes   Task   StartComponentCleanup         \Microsoft\Windows\Servicing
Yes   Task   Storage Tiers Management Initialization         \Microsoft\Windows\Storage Tiers Management
No   Task   Storage Tiers Optimization   Microsoft Corp.   %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500   \Microsoft\Windows\Storage Tiers Management
Yes   Task   SynchronizeTime   Microsoft Corporation   %windir%\system32\sc.exe start w32time task_started   \Microsoft\Windows\Time Synchronization
Yes   Task   SynchronizeTimeZone   Microsoft Corporation   %windir%\system32\tzsync.exe   \Microsoft\Windows\Time Zone
Yes   Task   Sysprep Generalize Drivers   Microsoft Corporation   %SystemRoot%\System32\drvinst.exe 6   \Microsoft\Windows\Plug and Play
Yes   Task   SystemTask         \Microsoft\Windows\CertificateServicesClient
Yes   Task   Tpm-HASCertRetr         \Microsoft\Windows\TPM
Yes   Task   Tpm-Maintenance         \Microsoft\Windows\TPM
Yes   Task   Uninstallation         \Microsoft\Windows\LanguageComponentsInstaller
Yes   Task   UninstallDeviceTask   Microsoft Corporation   BthUdTask.exe $(Arg0)   \Microsoft\Windows\Bluetooth
Yes   Task   UninstallSMB1ClientTask   Microsoft Corporation   %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"   \Microsoft\Windows\SMB
Yes   Task   UninstallSMB1ServerTask   Microsoft Corporation   %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"   \Microsoft\Windows\SMB
Yes   Task   UPnPHostConfig   Microsoft Corporation   sc.exe config upnphost start= auto   \Microsoft\Windows\UPnP
Yes   Task   USO_Broker_Display   Microsoft Corporation   %systemroot%\system32\MusNotification.exe Display   \Microsoft\Windows\UpdateOrchestrator
No   Task   VerifiedPublisherCertStoreCheck   Microsoft Corporation   %windir%\system32\appidcertstorecheck.exe   \Microsoft\Windows\AppID
Yes   Task   WIM-Hash-Management         \Microsoft\Windows\WOF
Yes   Task   WIM-Hash-Validation         \Microsoft\Windows\WOF
Yes   Task   Windows Defender Cache Maintenance   Microsoft Corporation   C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance   \Microsoft\Windows\Windows Defender
Yes   Task   Windows Defender Cleanup   Microsoft Corporation   C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup   \Microsoft\Windows\Windows Defender
Yes   Task   Windows Defender Scheduled Scan   Microsoft Corporation   C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55   \Microsoft\Windows\Windows Defender
Yes   Task   Windows Defender Verification   Microsoft Corporation   C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification   \Microsoft\Windows\Windows Defender
Yes   Task   WinSAT         \Microsoft\Windows\Maintenance
Yes   Task   WsSwapAssessmentTask   Microsoft Corporation   %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask   \Microsoft\Windows\Sysmain
Yes   Task   XblGameSaveTask   Microsoft Corporation   %windir%\System32\XblGameSaveTask.exe standby   \Microsoft\XblGameSave

#2 after disabling some others appeared

Yes   Task   appuriverifierdaily   Microsoft Corporation   %windir%\system32\AppHostRegistrationVerifier.exe   \Microsoft\Windows\ApplicationData
Yes   Task   appuriverifierinstall   Microsoft Corporation   %windir%\system32\AppHostRegistrationVerifier.exe   \Microsoft\Windows\ApplicationData
Yes   Task   Automatic App Update         \Microsoft\Windows\WindowsUpdate
No   Task   Automatic-Device-Join   Microsoft Corporation   %SystemRoot%\System32\dsregcmd.exe   \Microsoft\Windows\Workplace Join
No   Task   Background Synchronization         \Microsoft\Windows\Offline Files
No   Task   BgTaskRegistrationMaintenanceTask         \Microsoft\Windows\BrokerInfrastructure
Yes   Task   BitLocker MDM policy Refresh         \Microsoft\Windows\BitLocker
Yes   Task   CacheTask         \Microsoft\Windows\Wininet
Yes   Task   Calibration Loader         \Microsoft\Windows\WindowsColorSystem
No   Task   CleanupTemporaryState   Microsoft Corporation   %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState   \Microsoft\Windows\ApplicationData
No   Task   Consolidator   Microsoft Corporation   %SystemRoot%\System32\wsqmcons.exe   \Microsoft\Windows\Customer Experience Improvement Program
No   Task   CryptoPolicyTask         \Microsoft\Windows\CertificateServicesClient
No   Task   Data Integrity Scan         \Microsoft\Windows\Data Integrity Scan
No   Task   Device   Microsoft Corporation   %windir%\system32\devicecensus.exe   \Microsoft\Windows\Device Information
No   Task   Diagnostics   Microsoft Corporation   %windir%\system32\disksnapshot.exe -z   \Microsoft\Windows\DiskFootprint
No   Task   DmClient   Microsoft Corporation   %windir%\system32\dmclient.exe   \Microsoft\Windows\Feedback\Siuf
No   Task   DmClientOnScenarioDownload   Microsoft Corporation   %windir%\system32\dmclient.exe utcwnf   \Microsoft\Windows\Feedback\Siuf

#3 disabled more and others appeared


last.

Yes   Task   CCleanerSkipUAC   Piriform Ltd   "D:\CCleaner\CCleaner.exe" $(Arg0)   \
No   Task   Maintenance Install   Microsoft Corporation   %systemroot%\system32\usoclient.exe StartInstall   \Microsoft\Windows\UpdateOrchestrator
Yes   Task   Reboot   Microsoft Corporation   %systemroot%\system32\MusNotification.exe   \Microsoft\Windows\UpdateOrchestrator
Yes   Task   Schedule Scan   Microsoft Corporation   %systemroot%\system32\usoclient.exe StartScan   \Microsoft\Windows\UpdateOrchestrator
Yes   Task   Scheduled Start   Microsoft Corporation   C:\Windows\system32\sc.exe start wuauserv   \Microsoft\Windows\WindowsUpdate
Yes   Task   USO_Broker_Display   Microsoft Corporation   %systemroot%\system32\MusNotification.exe Display   \Microsoft\Windows\UpdateOrchestrator


Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 10, 2018, 08:22:20 AM
This type of stuff always happens too, I download the drivers for my PC from the MSI website, yet it's unsigned? Or is TDSSKiller lying? Because it doesn't make any sense whatsoever.

13:16:36.0584 0x07fc  Browser - ok
13:16:36.0589 0x07fc  [ 522888590B0C19BC8128119060AE7901, 9C979FD442E7B189FD156BD5E5E4A3D10FDABB3 C38094B9C67A702103D39B00F ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
13:16:36.0598 0x07fc  buttonconverter - ok
13:16:36.0602 0x07fc  [ 2AB01CE5E233A6FBA3E91BD57772AA4B, DC241810B774BCE651B525885480F05D15AE0E6 23D53E4CB02562A8424C067E2 ] CAD             C:\Windows\System32\drivers\CAD.sys
13:16:36.0604 0x07fc  CAD - ok
13:16:36.0610 0x07fc  [ E2C8EE32C053892E685A989071AAE333, 842228C315BBD5FA802A81833BB0158774969FE D4C5A706F9B904F7C70DB80A3 ] camsvc          C:\Windows\system32\CapabilityAccessManager.dll
13:16:36.0614 0x07fc  camsvc - ok
13:16:36.0619 0x07fc  [ F6F97879F53AD57194C6BC8272FD73EA, C11CB040CC64ABC0A6EAD6D6985659896FBB591 1D2E10B6584E0F90FE6813C57 ] CapImg          C:\Windows\System32\drivers\capimg.sys
13:16:36.0637 0x07fc  CapImg - ok
13:16:36.0642 0x07fc  [ 9E82A95D77AC78C84BA75FF896B060BF, 87905E55724ADE5149D3BBC2DB76A7275580DE2 04BB561B8E1FCD631DEF3D9F9 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:16:36.0651 0x07fc  cdfs - ok
13:16:36.0664 0x07fc  [ 147CEBE0C5F7A80135C54715521AD9E1, 99ACF25165C0C17822B0FC06F662848CA0DFAD5 1B3E3B440005C2E033BFE4840 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
13:16:36.0673 0x07fc  CDPSvc - ok
13:16:36.0684 0x07fc  [ C2F158F11391F21C7D3FEB572D11C2D2, 5F5E7A1A4E9A8C6AB0C4735BCE9175AE9287041 0ACFB2376F950DACE22E075D7 ] CDPUserSvc      C:\Windows\System32\CDPUserSvc.dll
13:16:36.0689 0x07fc  CDPUserSvc - ok
13:16:36.0698 0x07fc  [ 6D83565C1652E80447EDEA6947FA89D7, A84A3EA45304A9E3F53DA9F4CB9F2D9FF8A2AD6 9A36AEA366D35A2F5C9FDF851 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
13:16:36.0708 0x07fc  cdrom - ok
13:16:36.0714 0x07fc  [ 200A5398C0E7E78DBDF6C0D9E811F366, 91BED3876FCA06AF551939720C0088BD195AF64 C11C6EAD8970EDE8E037A71AA ] CertPropSvc     C:\Windows\System32\certprop.dll
13:16:36.0718 0x07fc  CertPropSvc - ok
13:16:36.0727 0x07fc  [ D81954CE5E016FD716EDDB2B2FD9BA58, C47FF6D6527605238EF46E9BDF4544E2B2F4F9C 5BCE13881F569F996541D7FF7 ] cht4iscsi       C:\Windows\system32\drivers\cht4sx64.sys
13:16:36.0733 0x07fc  cht4iscsi - ok
13:16:36.0763 0x07fc  [ F9A8570805807FFD66488F0A858E1308, 5D8363C5EEB7B92CFA219C466D04D8C625CACAF BDEA5857C5C9FA0C391AC2FEB ] cht4vbd         C:\Windows\System32\drivers\cht4vx64.sys
13:16:36.0787 0x07fc  cht4vbd - ok
13:16:36.0792 0x07fc  [ 9798D58461706930190F1F2F6BF21D80, BD7552297A636E19F5D544BDBF3490DA544E760 02F62B227FA5BDA7A11760040 ] circlass        C:\Windows\System32\drivers\circlass.sys
13:16:36.0802 0x07fc  circlass - ok
13:16:36.0810 0x07fc  [ 3B5973C9D50DE90CEB6D7DC85216AA86, 26B9090A0494CAFBB2EFD94D4C4241C69983A50 033B81B83D594A2C99774B708 ] CldFlt          C:\Windows\system32\drivers\cldflt.sys
13:16:36.0823 0x07fc  CldFlt - ok
13:16:36.0831 0x07fc  [ 59D46CE57A49353A733D162DBA65A4FA, 9701D96B077126AE65370EE64B859B37476200C 98D065581DB955947103277DF ] CLFS            C:\Windows\system32\drivers\CLFS.sys
13:16:36.0837 0x07fc  CLFS - ok
13:16:36.0853 0x07fc  [ 608887CA75B4627183AC3E488D113865, 4255CEDFA8BC1B1BBFD629C6CFD185BDE860285 A93E2D906AC5B78FADBEE8B5D ] ClipSVC         C:\Windows\System32\ClipSVC.dll
13:16:36.0864 0x07fc  ClipSVC - ok
13:16:36.0874 0x07fc  [ 2BA3BA38B5A6A667B0EAEC477276707B, 80AD05C5C7E0398EB7320A82878700C6588B741 1F3DEA02E5784CA599CB548C2 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
13:16:36.0882 0x07fc  CmBatt - ok
13:16:36.0896 0x07fc  [ DCA18C81F7DA2023E6EC1E841A732F43, 004C1EB56AF7535060D5739D803C761ED31C4E7 CA3DAAD0605F3FCFAD7C32455 ] CNG             C:\Windows\system32\Drivers\cng.sys
13:16:36.0905 0x07fc  CNG - ok
13:16:36.0909 0x07fc  [ C65AF00EF12A1755E7CA370B0C71935D, C03315A5B999EB9AA5B5F1F000BD8A1C68DFC15 1B23AA2F29F69F7129407AA11 ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
13:16:36.0910 0x07fc  cnghwassist - ok
13:16:36.0928 0x07fc  [ A50300498D56B2448F3593D25478D508, 841D66D4AB9749EE64802611157A9AAED1117B6 B2C411B3DA272CE439E69AE45 ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys
13:16:36.0936 0x07fc  CompositeBus - ok
13:16:36.0938 0x07fc  COMSysApp - ok
13:16:36.0941 0x07fc  [ 65602B0DB49199647FECB2D1212147BE, DC25D2DED7C31B4691B61FC69BB12E50CA5EDA9 705339CCC82BE145EFD6D47C5 ] condrv          C:\Windows\system32\drivers\condrv.sys
13:16:36.0942 0x07fc  condrv - ok
13:16:36.0961 0x07fc  [ CBA59790FE62C6896A7020DE0ADE2006, DDBACEFB25D55E4AFB24E7BC58349C5D11E0EC6 6CD7D7C2FD5BA17BD8994DC7C ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
13:16:36.0971 0x07fc  CoreMessagingRegistrar - ok
13:16:36.0994 0x07fc  [ 27EC856A11F2804B82E9E3671278E3DA, E50790FB8DA66515A63545D62E76FB5CC458878 D759913AFF4311381754D4D21 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:16:36.0998 0x07fc  cphs - ok
13:16:37.0004 0x07fc  [ D64EF74FC6DA47EC2E460076F299E77D, 1F77E9F777FA6996222DE45B3AB2C01CD94C80A 4A7F5CA092DDF1F18D74F93AA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:16:37.0005 0x07fc  CryptSvc - ok
13:16:37.0015 0x07fc  [ 0AAC6E3138AB83C466281642D1A48F15, 31AEBAE422BFDC9EBE0B8CBAEE5ABAA27E8EA47 387D4A24C91A3CE92EF7E0C92 ] CSC             C:\Windows\system32\drivers\csc.sys
13:16:37.0031 0x07fc  CSC - ok
13:16:37.0046 0x07fc  [ 9D4FA712339A09110809A4CC270AF4F0, 6403633EB0061CE3E4665E7A757EB697FD47DEE 540EEDEC035CC13184FC62947 ] CscService      C:\Windows\System32\cscsvc.dll
13:16:37.0056 0x07fc  CscService - ok
13:16:37.0060 0x07fc  [ 72BE43ABD786E86AAE7EA2193201E100, A013CF10AA4158082B5D0D7F885969C5C92710A 6084E57E9DDBDA84420D97367 ] dam             C:\Windows\system32\drivers\dam.sys
13:16:37.0061 0x07fc  dam - ok
13:16:37.0082 0x07fc  [ 79BDBB684629A526CCD958F06B9D6FAD, 489A85A5F63E5F012740B538878D6DAEBBB474D 64F27A6847D3E387A704E5297 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:16:37.0096 0x07fc  DcomLaunch - ok
13:16:37.0107 0x07fc  [ F7FB921F438C3566CEC55657EA4E7D9C, 17FA956E3B89F9B6C154975E7E1AAFB204F5EDE ACC14A8424827DE13440A9299 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:16:37.0114 0x07fc  defragsvc - ok
13:16:37.0125 0x07fc  [ B5F9123D6537856EA698386ABA27A232, C60DD499254B4A3741ECE71AF1685763BD6A6F8 28F879D54E175A6198C89ABF0 ] DeviceAssociationService C:\Windows\system32\das.dll
13:16:37.0130 0x07fc  DeviceAssociationService - ok
13:16:37.0136 0x07fc  [ 64A80A746FC460126FA4124AA2D93848, 851ECA69489FF9A834B6A5ACF9D51283FD3796E 21316D8A22E57DED2F415782C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
13:16:37.0139 0x07fc  DeviceInstall - ok
13:16:37.0152 0x07fc  [ A19F51A044B62C994144ED87A7A5A887, 91ECE0E067E138817CD46A876B2D28CB47A2CCB E9C924EA91A1966FDF69AF7DF ] DevicesFlowUserSvc C:\Windows\System32\DevicesFlowBroker.dll
13:16:37.0162 0x07fc  DevicesFlowUserSvc - ok
13:16:37.0168 0x07fc  [ 0D2A4CA81D1F7B5E5FBFE1E4F60246B8, EF425C2FB1191720F9B53EB26EC904F53851D29 6B222E20B0733615575D4B7E5 ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
13:16:37.0169 0x07fc  DevQueryBroker - ok
13:16:37.0175 0x07fc  [ 9910E9CFF5ECDCB225F82E72CE9DE459, BF38E53FC993C4F8170341C7798E2FC18BDB540 E7543979581ABCA9E24B4494E ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
13:16:37.0185 0x07fc  Dfsc - ok
13:16:37.0194 0x07fc  [ 309F4FBA6AC2CA70663C99690AE900C2, D38E3A5AD818DBB165C8C141236AE0C684E67FA 1ACCD2914EEA1E6A771B06C33 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:16:37.0198 0x07fc  Dhcp - ok
13:16:37.0206 0x07fc  [ 8C46ADC4354DDE94CA459CB4BA822073, 8B0597866B6BAD22641B70836B29FC01433A00A FDABF31E5672DD5DF6ADCC3BB ] diagnosticshub.standardcollector.servic e C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
13:16:37.0219 0x07fc  diagnosticshub.standardcollector.servic e - ok
13:16:37.0225 0x07fc  [ E2BF09B816393AF73EDCB8ECF9BBDB2D, DBDFFC2450E4EC684DD59383799ACF1D207B088 2C301B8D562FB76307AFCC553 ] diagsvc         C:\Windows\system32\DiagSvc.dll
13:16:37.0229 0x07fc  diagsvc - ok
13:16:37.0278 0x07fc  [ 363519B5143688A7779A51859CFDB863, D7F9D6524872926F69CE4E84D93B47034E0B199 5431F13250C0917EF122F2AC3 ] DiagTrack       C:\Windows\system32\diagtrack.dll
13:16:37.0308 0x07fc  DiagTrack - ok
13:16:37.0316 0x07fc  [ 811173C821171BB910219E53C7FD97AD, F915F90A39F99F6E38082B8077874791BBF21FF 271351A4976494C6708C43E56 ] Disk            C:\Windows\system32\drivers\disk.sys
13:16:37.0319 0x07fc  Disk - ok
13:16:37.0333 0x07fc  [ 133E5277C2A50770EADFAC4AF2232D69, E24933DD2440BA8DBDFD3A583301A9BE56A4ED6 99134242DB52E1AB5721C53D4 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
13:16:37.0345 0x07fc  DmEnrollmentSvc - ok
13:16:37.0350 0x07fc  [ 569FE16775E15A49DC904DE20BF8CAA0, 18C1734AC5D6C4FE1944916B710450F18FAA7F3 594E4EFB8CCEA140FC03A78BE ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
13:16:37.0351 0x07fc  dmvsc - ok
13:16:37.0354 0x07fc  [ 10E72E3315305461D3F0C7560AE98CA5, 702B5C056DB6B4E337231BBEA48E106FA95F26B 48CDE91857305E4C6E4EE6A12 ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
13:16:37.0356 0x07fc  dmwappushservice - ok
13:16:37.0363 0x07fc  [ 4ACA3CE75B4C2243299C24A715E9B3CE, 043610E57C6D87F12D98C1A663B5CA415F64742 D30434863073BD902BAE2EAC0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:16:37.0367 0x07fc  Dnscache - ok
13:16:37.0375 0x07fc  [ 24F0CF56DF2725291937B32597BA8D51, 810D4B43A4FB4B1738BFDAE51A49FD1725483BA 686C6A3FA1DC1341D08AC743A ] dot3svc         C:\Windows\System32\dot3svc.dll
13:16:37.0378 0x07fc  dot3svc - ok
13:16:37.0384 0x07fc  [ 6D8971C942FEE43A0AB6B3192534AFB4, 44D437DD32E1FDD7922B352CA6C19C83C1ADD82 5FB704B8E07BEF01E866E2B99 ] DPS             C:\Windows\system32\dps.dll
13:16:37.0386 0x07fc  DPS - ok
13:16:37.0390 0x07fc  [ F4800922F4ABA619585CE320A72E6389, CA83BCAA8B37F303E89598F8C93B201A3F000A0 9F4A9963E370D7E59BD79D448 ] drmkaud         C:\Windows\System32\drivers\drmkaud.sys
13:16:37.0391 0x07fc  drmkaud - ok
13:16:37.0397 0x07fc  [ BB73FD1329739982C2915AB827A01362, 70E69942AE14D5012D9A8B1C799B5B4B4FCC2E4 56D8940CB4C104D6AB7C4997B ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
13:16:37.0400 0x07fc  DsmSvc - ok
13:16:37.0406 0x07fc  [ C7DC50CC0C6B0948A0C040622FCD70EA, F9C6B8F27E3DED8F7A681D0F652CCB6B1AE6D5E 6CA8654E33EFDCF32A2D294EB ] DsSvc           C:\Windows\System32\DsSvc.dll
13:16:37.0408 0x07fc  DsSvc - ok
13:16:37.0416 0x07fc  [ A92C554CC7B6814841D118356B40975B, 20ECA52235D75325B5EF971B14BD6B2B0B5AC13 116DFF324655332A297B56D5D ] DusmSvc         C:\Windows\System32\dusmsvc.dll
13:16:37.0420 0x07fc  DusmSvc - ok
13:16:37.0461 0x07fc  [ 4D3E03DF1BBFBD16671330BA28970739, B3DD8F2E70247B1DC753608B78EF936AC1D7361 AA5CD98AD48D816DAA0A0F4C1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:16:37.0489 0x07fc  DXGKrnl - ok
13:16:37.0496 0x07fc  [ FA94398748930D840FE35A44F1D225A7, E2D48460413904AAFB50E18A24471157D2A235F 5CCDF89EE49BB139D1CA3B9F6 ] Eaphost         C:\Windows\System32\eapsvc.dll
13:16:37.0499 0x07fc  Eaphost - ok
13:16:37.0560 0x07fc  [ C99D40C97841E0A7F0F90B8629593A97, 2DE7FB6E3CD7B06079C2B05D8C10AD0EDF18768 4ED1DE5BEE98FAB9A4B331824 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:16:37.0606 0x07fc  ebdrv - ok
13:16:37.0613 0x07fc  [ 94E06D509D50807774F35BEE3163E806, ADADFA0D533944579BA0E5FE31A68D4D1395E7B 9DB75E58D47E0ADC0DA5AD16C ] EFS             C:\Windows\System32\lsass.exe
13:16:37.0615 0x07fc  EFS - ok
13:16:37.0619 0x07fc  [ 260BBD6B1ED06298E509B452354EDB91, CF794D5AC62C6DBF356BC717910FD2B106A8BD9 0C3C03BA43859FD876F8820BC ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
13:16:37.0622 0x07fc  EhStorClass - ok
13:16:37.0626 0x07fc  [ F3BEBDC1B9DBA32F183079EAE6244837, 5DE0DA8D2A13BFA852355619C6DE5AC2FDFAB31 4A619A4F209842581E4D82DE1 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
13:16:37.0629 0x07fc  EhStorTcgDrv - ok
13:16:37.0636 0x07fc  [ A75880A9192B9DA69F46867B06276746, 53856262A5BD4BE93CB45D1F43B87F45CB01C02 B7D94231CF05346B9BDF1F18D ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
13:16:37.0638 0x07fc  embeddedmode - ok
13:16:37.0646 0x07fc  [ 9E6CB1D3F6AD67AA7A2C831FB9B7E496, EB9AEC7E780B6FDA8B6082D8F4F88C9393B4E6B B49ACE324C882DFB9AF8D0C78 ] EntAppSvc       C:\Windows\system32\EnterpriseAppMgmtSvc.dll
13:16:37.0651 0x07fc  EntAppSvc - ok
13:16:37.0655 0x07fc  [ 1B63CA857FD03FD0A5A1379F2996784F, 9EE5205DCFADAFC62D36528087FA4E023F7E48F F0D2A8333D8A6111AE09D21B8 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
13:16:37.0662 0x07fc  ErrDev - ok
13:16:37.0669 0x07fc  [ 7D0520A12B31E6858B3BB7E675AFA34E, 40EC97904041D9106A7F28084897462ED7478DF C1C0930A800D416E80A8FB587 ] ESProtectionDriver C:\Windows\system32\drivers\mbae64.sys
13:16:37.0670 0x07fc  ESProtectionDriver - ok
13:16:37.0682 0x07fc  [ 6A5FA501A2D96001391FF3CBA32935AB, 018DB01ADE957A1A1FF5B168A2EC0EFEF8BFBE0 36079791FDF0C6AA6C12295BA ] EventSystem     C:\Windows\system32\es.dll
13:16:37.0688 0x07fc  EventSystem - ok
13:16:37.0697 0x07fc  [ F1ACA42D448E3986565EA54275EEEA65, C85101D6E7A2204FD73AAACD972F610B6A4BCF7 EB7512412FD34660DCB5E8C5C ] exfat           C:\Windows\system32\drivers\exfat.sys
13:16:37.0722 0x07fc  exfat - ok
13:16:37.0732 0x07fc  [ 0AF4B36754A6EAE794EE4398E219A9E1, A818763D7AE6E7F4BC57294BB4D80FE9E04387B B3EBE8A6088D2AF746FF548A6 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:16:37.0736 0x07fc  fastfat - ok
13:16:37.0751 0x07fc  [ B1A38C0D977D8738779CA3EFEBDFCA8C, EDD852EF89AFBDDBBBE002E6675EAFCC46742B6 136EB22428C84D737C6229FEA ] Fax             C:\Windows\system32\fxssvc.exe
13:16:37.0780 0x07fc  Fax - ok
13:16:37.0784 0x07fc  [ 7CD8426A33F06EB72BFEC51F7C264AF8, 4FDD5F6A8BDF25D965CE52132DD0EA77D335C1C 5F77A7758F3F6E22DFC12BDF5 ] fdc             C:\Windows\System32\drivers\fdc.sys
13:16:37.0793 0x07fc  fdc - ok
13:16:37.0801 0x07fc  [ 21EB16C5DDFBC19DEBE9EEC10EA423FB, 514327DA987793AFE1DFB4F2C0F033C349432E6 F1F6AACBAE23E24E63EFA51B9 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:16:37.0802 0x07fc  fdPHost - ok
13:16:37.0805 0x07fc  [ 57F98EFE6CB82AE5400BA99C705AF45C, 7AB83C7AF4CA49BFC2976FB707B251C181279B7 E16EBDD43AD0E1A4AB8C4DFC9 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:16:37.0808 0x07fc  FDResPub - ok
13:16:37.0812 0x07fc  [ 02F93E4B9EC2821B6670208044FF5332, 2D947C8AE51E749029B3180751E4486E27A1947 1A7A98087076103D307B5CE64 ] fhsvc           C:\Windows\system32\fhsvc.dll
13:16:37.0814 0x07fc  fhsvc - ok
13:16:37.0818 0x07fc  [ DE51BBBCF358188F9736F031546F9908, E2B80DF63C039663085FA9D63F3F30736EC20C4 9BC678CBD7D7C7231107C3635 ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
13:16:37.0827 0x07fc  FileCrypt - ok
13:16:37.0832 0x07fc  [ 822F664952B0F8D11BB6BD2F11779602, B7E9908A305942194E64E834819186CBBF9DD44 69B300DCC8D31E1E5674D6600 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:16:37.0834 0x07fc  FileInfo - ok
13:16:37.0838 0x07fc  [ 5A4935682A0D47A4EAC4BE3C2ACF74D6, 0DCF2E7928D11F49EBF906233894E81CFFE938A DFCA802CE0207CA58B4A02AAD ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:16:37.0846 0x07fc  Filetrace - ok
13:16:37.0850 0x07fc  [ 60641F22D1D38EAD197C25F0339C9712, 110ACEADAE92C384C80356C9DE88E3A94141881 E8544DB65736875FFA2716F68 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
13:16:37.0860 0x07fc  flpydisk - ok
13:16:37.0871 0x07fc  [ 56F9EAA7099159759B2F6C523007A13F, E29B3CB052FD9776E818B9CE3E805E89A37DD92 5FE64518F768238AB706C24B9 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:16:37.0877 0x07fc  FltMgr - ok
13:16:37.0911 0x07fc  [ 9DCB91239DE1FE05F870AE3471E70559, 1EA360023B926F4024B602010AFD168A6C61563 2B05900427D765CD228280EEF ] FontCache       C:\Windows\system32\FntCache.dll
13:16:37.0934 0x07fc  FontCache - ok
13:16:37.0940 0x07fc  [ A7C6894FFF261C0FEFDCB41BE83CF430, C3DB55140E4848873BC0004030933402CD39611 2C14F432258D875DB1608700E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:16:37.0941 0x07fc  FontCache3.0.0.0 - ok
13:16:37.0954 0x07fc  [ 6793F7AE8442C487C55352C78739E77A, EA9FE762B8A339183DB3523CD8E8736B6BEF848 9EC11380EF7F1530D10631500 ] FrameServer     C:\Windows\system32\FrameServer.dll
13:16:37.0964 0x07fc  FrameServer - ok
13:16:37.0970 0x07fc  [ 5D8A0E58E3F82583697E3F07052435AA, 7E1BF49657905950DD24BAF2B270976D7D9D33A EBC24E0DC0A5B16AC944DB9AD ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:16:37.0972 0x07fc  FsDepends - ok
13:16:37.0975 0x07fc  [ BB82CC2F51F7C3D5DCD13FA3B040D8F8, 24B9735D8E4BC0416AFDEEE534118D98AF363CF E8AEFE8AB23827DC67FC4239B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:16:37.0977 0x07fc  Fs_Rec - ok
13:16:37.0992 0x07fc  [ 69C669540A850553AF9589DB05A2A7D0, CF5468B7851509400FED4161AB766CE58CC5005 6B561A950D849E0F8BCDF4D3C ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:16:38.0003 0x07fc  fvevol - ok
13:16:38.0008 0x07fc  [ 3B5DDF1061930A0A891FA63DB0CB878B, BB48865CFAD8299E96AFBC2993A34FB47B52466 C897FF0875836BD48A14B78C7 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
13:16:38.0017 0x07fc  gencounter - ok
13:16:38.0022 0x07fc  [ 8B34E3F794F652082D7E8AF112F71681, C6CFA239BDF46827BFC89DC9A9BF45B0EBCE3EF 1BB7DCA33980A632E549B37F5 ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
13:16:38.0030 0x07fc  genericusbfn - ok
13:16:38.0037 0x07fc  [ 127C23F4720C8902A3AB0FEE12205317, E3BF55D81B04572D11B41CDA2DB4509FD252561 EB29ED22CC6F616E856E3D86E ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
13:16:38.0039 0x07fc  GPIOClx0101 - ok
13:16:38.0062 0x07fc  [ A7A85B505944F99CB55C8669E4F7FC0F, AE2B11A0309907949D4BACF32BA487C9A7732D6 47F00ED428102C380F53465A8 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:16:38.0077 0x07fc  gpsvc - ok
13:16:38.0082 0x07fc  [ C7DEA3458E50B691E69EFF0B47CBCCDB, E33330473BDA2025503B2E65DA03C83C884F56B 9E684F90695D4AF1AFB922832 ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
13:16:38.0090 0x07fc  GpuEnergyDrv - ok
13:16:38.0094 0x07fc  [ 141904F0581468B39B579EA33CA57549, 1D947A6079CED7840B0FF4720C36D873F5A69EA 6C94E4C15ADF1A7C0CD0CD0EA ] GraphicsPerfSvc C:\Windows\System32\GraphicsPerfSvc.dll
13:16:38.0096 0x07fc  GraphicsPerfSvc - ok
13:16:38.0103 0x07fc  [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F24 3D89491AC75D1818E7ED98B5D ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:16:38.0105 0x07fc  gupdate - ok
13:16:38.0110 0x07fc  [ 605CCC9CE1839BC5583017DF7CAE27A6, F1F67830FC3531DFBDAF5315F59422438AB9F24 3D89491AC75D1818E7ED98B5D ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:16:38.0112 0x07fc  gupdatem - ok
13:16:38.0122 0x07fc  [ 6B76F5915654F647B06EDBE63BCB5116, D7949564AD369DD9134C26927252B657C4F8716 1AE958F784AE1515C1DBC6226 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
13:16:38.0136 0x07fc  HdAudAddService - ok
13:16:38.0141 0x07fc  [ 99A34FD1F6431A10D8C3BB50E170D0F2, 14BFF99BBF9ED53D3A157B096CDE03948242600 21BA96E1F2C7B1CFB598DD850 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
13:16:38.0143 0x07fc  HDAudBus - ok
13:16:38.0147 0x07fc  [ 2443FC6EEB9CF092B62127D867901B02, ABD5E907FF066B95C5697C4E470B4EA19976DEC 90C8159B963A82EDA218AB114 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
13:16:38.0149 0x07fc  HidBatt - ok
13:16:38.0154 0x07fc  [ 205043CDC16ADE85E252DD54AE925161, F377F046EFEE53C7786AF15C0BB5BADE3651142 7575A712B0098A883F3715DB3 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
13:16:38.0164 0x07fc  HidBth - ok
13:16:38.0169 0x07fc  [ B521DDDC9038C066B1B957BF063A531A, C5FE68FB22C28C4D06A0792FD5AC9A1F0EC01EF 26E1D37B9DF05F22D8B7DFF8C ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
13:16:38.0178 0x07fc  hidi2c - ok
13:16:38.0182 0x07fc  [ 5AC0EBFA76E93273A806176D3178E986, 679BFEFF9F4172EBB14A6C2E8381F54FBDC9E87 05E8B0F306723DDF48B6E5143 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
13:16:38.0185 0x07fc  hidinterrupt - ok
13:16:38.0194 0x07fc  [ 366AC0E05EBF5D5C375F65CD8BC7F0DF, A6B751864E33EBB5DE2E09403A8C26E72DD5510 F3A380FA502393FC11A14A433 ] HidIr           C:\Windows\System32\drivers\hidir.sys
13:16:38.0206 0x07fc  HidIr - ok
13:16:38.0209 0x07fc  [ 75F4CCB7FF03603E91DD0C7FF83DAABF, 10508A6C36163C9D40C16A47AB4CA8C03C89BB7 795690818E5C562E3FF828D5B ] hidserv         C:\Windows\system32\hidserv.dll
13:16:38.0210 0x07fc  hidserv - ok
13:16:38.0214 0x07fc  [ 7CB54D02746024648FCE184FC3F941FF, 6C7B8E6AD3C05D66868D0268C9C8183021AB241 E576184FAD0BD50ED4E18E9ED ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
13:16:38.0224 0x07fc  HidUsb - ok
13:16:38.0231 0x07fc  [ F17E9B07829FD2E1F91A70B2C9C162C0, 38BEABD9E1721C2DB73B9C1FEB42FD75B7550DB 0D622FB7BC26CC5CA2A4DF1D3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:16:38.0237 0x07fc  HomeGroupListener - ok
13:16:38.0248 0x07fc  [ 24C900B7296AA9867FB761A5801AFBD1, 4A765E905D0F7C4B450A28FB85F413F4EAD2B53 240E804FA531626ABB0518381 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:16:38.0255 0x07fc  HomeGroupProvider - ok
13:16:38.0260 0x07fc  [ 835FB95D85D362057A72D21A48C2C7F8, 06A57F9E459E52DAA7B27F232DBC1E0ED0E0475 9D34AF3E15A645D11DFDD6A58 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:16:38.0262 0x07fc  HpSAMD - ok
13:16:38.0284 0x07fc  [ E717D3E5F69E29C1487E16C93CE22570, AFF79D62BDE28539EB873B24B7AFF8A30F3B047 559FB2157E57BD4FF9A03A4B9 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:16:38.0296 0x07fc  HTTP - ok
13:16:38.0302 0x07fc  [ AD930879F319969EB09449C015A32104, 3C33CFA1D3452EAB689178D09311DFF84C4A2D5 854837DA75B1D7CC57CE6FB5F ] HvHost          C:\Windows\System32\hvhostsvc.dll
13:16:38.0304 0x07fc  HvHost - ok
13:16:38.0309 0x07fc  [ 9F2CFC90306532866C62BDCDFD2532AA, F27B1087B1E3E06FB49092BBF2DD8CF5B6ADD4C E061FE10C3ED44C58B92BE007 ] hvservice       C:\Windows\system32\drivers\hvservice.sys
13:16:38.0312 0x07fc  hvservice - ok
13:16:38.0317 0x07fc  [ 3737FE486929AFC48F1D10677B698E52, 9E8792F3A494AE3E7CDA65E93B561B6FFFB9C78 1606F5863D524DDD24CFEB9C3 ] HwNClx0101      C:\Windows\system32\Drivers\mshwnclx.sys
13:16:38.0330 0x07fc  HwNClx0101 - ok
13:16:38.0337 0x07fc  [ 3C65EBF7F1BFD98426C355D66876ECEE, CA1DC462C4D96176C81EF3448238B76B4CDA3C5 21533973B281359D7F436B8A5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:16:38.0339 0x07fc  hwpolicy - ok
13:16:38.0342 0x07fc  [ 7E00234C67A322988AFEA717D5609C9E, 9210E400200B1313426792A67C27ECA4DBA9872 111DC3C217195FC5DEAC4614D ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
13:16:38.0355 0x07fc  hyperkbd - ok
13:16:38.0359 0x07fc  [ FBF5BB641DE99AE1DF4835E88D4F8993, 55250C1FCCDA74249D5EE15B2502A68DB1EB60C 7AC24500B9FB2DF2E3319CDAB ] HyperVideo      C:\Windows\System32\drivers\HyperVideo.sys
13:16:38.0370 0x07fc  HyperVideo - ok
13:16:38.0374 0x07fc  [ 56FF074E50F9042FD2856AB3418F4B18, 239C9BF23DE2E36FD7112C425CDF18F29B751D7 5EF3551AEFB048FAD2B0A55E2 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
13:16:38.0386 0x07fc  i8042prt - ok
13:16:38.0389 0x07fc  [ B5EC43755E62591197DE5CBBDAA9FEB7, 1B4E0EAB677B09A050925879ECDA311404270DC F020AAD390692427198C73C9F ] iagpio          C:\Windows\System32\drivers\iagpio.sys
13:16:38.0397 0x07fc  iagpio - ok
13:16:38.0402 0x07fc  [ D8CA23F9C5FEF44296FDE1E005C06EC0, 0D7B03EF9E19B9B2A28C3318560488B3F9573CF 364A533A9B4A2CD0A7FFA4F84 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
13:16:38.0410 0x07fc  iai2c - ok
13:16:38.0416 0x07fc  [ 7B769C9D19C013F94874C4B15D59A005, 53A15F0480AEC43B5A01CFB17360188885B6ECB FFF6E566D27E5B6D4C7737243 ] iaLPSS2i_GPIO2  C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
13:16:38.0426 0x07fc  iaLPSS2i_GPIO2 - ok
13:16:38.0430 0x07fc  [ E0F1B3A2A70FABE3BE1C9140BB55E607, 34E5B055619F3A26B7BB6054EA49D40B7D6DAFE 234F57F358FE7C8EE83E10618 ] iaLPSS2i_GPIO2_BXT_P C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
13:16:38.0442 0x07fc  iaLPSS2i_GPIO2_BXT_P - ok
13:16:38.0447 0x07fc  [ 89A869BCC0588A3009ECB875B09ECD39, 5ECC2C6E661B326511682D8EA1C82F942C63835 890687285FEF455C5C9DC2476 ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
13:16:38.0459 0x07fc  iaLPSS2i_I2C - ok
13:16:38.0465 0x07fc  [ 2E693DF3C02A0859DB8DE25772751100, 3EFFDA44B247E04258429ADC85E88E23F926FD4 87A3A85BF879E6E5802197B3F ] iaLPSS2i_I2C_BXT_P C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
13:16:38.0481 0x07fc  iaLPSS2i_I2C_BXT_P - ok
13:16:38.0488 0x07fc  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6 ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
13:16:38.0490 0x07fc  iaLPSSi_GPIO - ok
13:16:38.0495 0x07fc  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37 A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
13:16:38.0504 0x07fc  iaLPSSi_I2C - ok
13:16:38.0518 0x07fc  [ 435883A27A376B125BD4DF888417C85F, 091F9285FCF1D5605D03CB68C062A2DE6FF2D70 5FF43E983A8A7B5DFA0872A96 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
13:16:38.0528 0x07fc  iaStorAV - ok
13:16:38.0539 0x07fc  [ 7118E4390C4ACDE61E280CE52BCAF44E, 11123C1555344A191283187BF1F4A8D731E29EE 27C7A7A7916873E8D2E95D978 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:16:38.0545 0x07fc  iaStorV - ok
13:16:38.0557 0x07fc  [ 9DBE8C359ABACE1BE1BBAB687D114506, D2E5CB2BFC42627C1BB38A68F925DD534AEFFF9 354AFD184005EC338E8E6B232 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
13:16:38.0567 0x07fc  ibbus - ok
13:16:38.0572 0x07fc  [ 1B904E09172A2D63CB728F56B9DC72AA, E83D8A55319B378EB76A88EF778F69F560C8F25 41BBD58151754509008D1A2C5 ] ICCWDT          C:\Windows\System32\drivers\ICCWDT.sys
13:16:38.0572 0x07fc  ICCWDT - ok
13:16:38.0578 0x07fc  [ 17565941EE9ACB6BC34DCF6D05B1F1D1, B758B202569F784183F7F60FC7BDD57D179228C EBE85A6BD6239921FA85C1855 ] icssvc          C:\Windows\System32\tetheringservice.dll
13:16:38.0582 0x07fc  icssvc - ok
13:16:38.0685 0x07fc  [ 6BA6031CB08B2B7BB31CCF01C8EB1027, 0D6DCAC9BA65C2BD3EBC71D57A7E16B303C274D 72A5C770C05D869544BCB140D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:16:38.0754 0x07fc  igfx - ok
13:16:38.0770 0x07fc  [ C9071494AFC5B383E84788C91F7CA9D4, 2BACCD7E04B6A5E95960DB96726A6F64E40ADB2 7EABAFF90AB9F660A83CD4549 ] igfxCUIService2.0.0.0 C:\Windows\system32\igfxCUIService.exe
13:16:38.0774 0x07fc  igfxCUIService2.0.0.0 - ok
13:16:38.0793 0x07fc  [ 72AB18B50053FA57B08FD4065C11B16B, 4D0CDAEF3C168539BEE22F28CBFEA380535FD78 863965EAC6421B9E26048D1F5 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:16:38.0805 0x07fc  IKEEXT - ok
13:16:38.0809 0x07fc  [ 42CAF6216A6E516DC56BA319ACC7EEC5, DF60FF41F06D1101E4A81F7416DB5A34D7BA885 CBA874BC15AD43FB4080F2958 ] IndirectKmd     C:\Windows\System32\drivers\IndirectKmd.sys
13:16:38.0818 0x07fc  IndirectKmd - ok
13:16:38.0843 0x07fc  [ 69B9F13BFF6272FF39D672E1A4C2DBCE, 717AB5FBC018C4FF5B71702F716E61251575E8A D763DA1F06C1460D1DB4B1D08 ] InstallService  C:\Windows\system32\InstallService.dll
13:16:38.0861 0x07fc  InstallService - ok
13:16:38.0873 0x07fc  [ 38E7BD9D8BD9717E544B8B6BA2A4B7B0, EA9B656E9C86D86755C10EBD4B2D7E782C25A6E CEDAF1C010638884F346075F6 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:16:38.0878 0x07fc  IntcDAud - ok
13:16:38.0898 0x07fc  [ AE32376564771525DCDD2F0280619E1A, 233B7B272DCD9080DE7C9593EB7993745D1037E A87B69617E7176F074DFD5968 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
13:16:38.0995 0x07fc  Intel(R) Capability Licensing Service TCP IP Interface - ok
13:16:39.0004 0x07fc  [ 618667DFB3E9E8D8AB98FD2ED8F6577C, 6F5FF6D710329E2B0FC390B29660B51FF73F418 70F36EE567B2B34AD5044632A ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
13:16:39.0031 0x07fc  Intel(R) Security Assist - ok
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: BC_Programmer on February 10, 2018, 09:13:05 AM
Akamai does not host Microsoft or apple servers

A lot of companies make use of Akamai-based servers as they are a very large CDN (Content Delivery Network). Microsoft in particular have used it for Windows Update for around a decade now. Apple has actually been starting to move away from the Akamai CDN for their own in-house Content Delivery Network for a few years but still utilize a number of nodes (e.g. servers for certain geographic areas).

I can't answer your specific questions about why X or Y and such, but that would hardly be evidence to your underlying claims- Occam's Razor and all that. It could very well be user error or just a misinterpretation of errors or stuff happening on your system. By way of example, the other day I couldn't log in to Windows and was told my password was incorrect, and then on another one of my systems, I received an error message regarding my account credentials having been changed. This sounded suspicious of course but it turns out that Microsoft's account services were having problems.

Those lists of services and scheduled tasks appear to be normal services and tasks found in Windows. For scheduled tasks, some of them don't indicate an executable or DLL file because the associated Actions are attached to a Custom Handler, so you get the "friendly" name for the Custom Handler which as I recall is part of the XML definition for that scheduled task. It lists something known as a "CLSID" which points at a registered Class definition. As an example, AUScheduledInstall is a scheduled task responsible for part of Windows Update. It references CLSID "{F3B4E234-7A68-4E43-B813-E4BA55A065F6}", which itself points at an AppID of "{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" which is the Windows Update Agent itself. When listing scheduled tasks, it will simply say "AUScheduledInstall" or list the service path (\Microsoft\Windows\WindowsUpdate\AUScheduledInstall) which of course doesn't exist on the file system.

AppV is a component of Windows, as are several "vm" named services. They do not appear in the services Snap-in (services.msc) because that only lists services managed by the Service Control Manager. Services with startup type 0 are boot-time services, and services with startup type 1 are services loaded with the initial kernel load. This includes the various Hyper-V and AppV Services included with Windows 10, many of which are services with names starting with "vm". On my desktop, most of these are disabled; however, that is likely because I have VMware installed, as on my other Windows 10 systems they appear to be enabled. If you have been disabling these it could, somewhat ironically, explain the source of unusual behaviours you might have been having.

I think your latest post was cut off, or hit the post limit, as the log appears to be truncated. FWIW, a search brought up a number of issues surrounding MSI's various driver packages not providing signed/WHQL drivers, so it is not necessarily an indicator of anything untoward.
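
The task-to-CLSID-to-AppID chain described in the post above can be walked on any machine. This is an added example, not code from the thread or from any poster; the function names `Resolve-ComHandler` and `Get-ComHandlerTask` are hypothetical, and it assumes Windows PowerShell with the built-in ScheduledTasks module.

```powershell
# Added example (not from the thread). Read-only: it only queries Task
# Scheduler and the registry, and changes nothing on the system.

function Resolve-ComHandler {
    param([Parameter(Mandatory)][string]$ClassId)

    $result   = [ordered]@{ Server = $null; AppId = $null; LocalService = $null }
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$ClassId"
    if (-not (Test-Path -LiteralPath $clsidKey)) { return [pscustomobject]$result }

    # In-process handlers register a DLL under InprocServer32;
    # out-of-process handlers register an EXE under LocalServer32.
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $subKey = "$clsidKey\$sub"
        if (Test-Path -LiteralPath $subKey) {
            $result.Server = (Get-Item -LiteralPath $subKey).GetValue('')
            break
        }
    }

    # A class can instead be hosted by a Windows service named in its AppID key.
    $result.AppId = (Get-Item -LiteralPath $clsidKey).GetValue('AppID')
    if ($result.AppId) {
        $appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$($result.AppId)"
        if (Test-Path -LiteralPath $appKey) {
            $result.LocalService = (Get-Item -LiteralPath $appKey).GetValue('LocalService')
        }
    }
    return [pscustomobject]$result
}

function Get-ComHandlerTask {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only COM-handler actions carry a ClassId; exec actions have a path instead.
            $prop = $action.PSObject.Properties['ClassId']
            if (-not $prop -or -not $prop.Value) { continue }

            $com = Resolve-ComHandler -ClassId $prop.Value
            $sig = $null
            if ($com.Server) {
                $file = $com.Server.Trim('"')
                if (Test-Path -LiteralPath $file -PathType Leaf) {
                    $sig = (Get-AuthenticodeSignature -LiteralPath $file).Status
                }
            }
            [pscustomobject]@{
                Task         = $task.TaskPath + $task.TaskName
                ClassId      = $prop.Value
                Server       = $com.Server
                AppId        = $com.AppId
                LocalService = $com.LocalService
                Signature    = $sig
            }
        }
    }
}

Get-ComHandlerTask | Sort-Object Task | Format-Table -AutoSize
```

A row with an empty `Server` but a populated `LocalService` is a handler hosted by a Windows service, which is the situation the post describes for the Windows Update task.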

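The start-type point in the post above can be checked directly from the services registry key. This is an added example, not code from the thread; the function names `Resolve-DriverPath` and `Get-EarlyStartService` are hypothetical, and the fallback to `System32\drivers\<name>.sys` when no `ImagePath` is set is an assumption made for the lookup.

```powershell
# Added example (not from the thread). Read-only: lists entries with
# Start = 0 (boot) or 1 (system) and checks the signature of each binary.

$startNames = @{ 0 = 'Boot'; 1 = 'System' }
$typeNames  = @{ 1 = 'KernelDriver'; 2 = 'FileSystemDriver' }

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)

    # Assumption: a driver entry with no ImagePath lives in System32\drivers.
    if (-not $ImagePath) { $ImagePath = "System32\drivers\$Name.sys" }
    $p = $ImagePath.Trim('"')
    $ic = [System.StringComparison]::OrdinalIgnoreCase
    if     ($p.StartsWith('\SystemRoot\', $ic)) { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p.StartsWith('\??\', $ic))         { $p = $p.Substring(4) }
    elseif ($p -notmatch '^[A-Za-z]:\\')        { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-EarlyStartService {
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $start = $_.GetValue('Start')
            if ($start -notin 0, 1) { return }   # skip auto, manual, disabled, missing

            $type = $_.GetValue('Type')
            $file = Resolve-DriverPath -Name $_.PSChildName -ImagePath $_.GetValue('ImagePath')
            $sig  = 'FileNotFound'
            if (Test-Path -LiteralPath $file -PathType Leaf) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $file).Status
            }
            $typeLabel = $type
            if ($null -ne $type -and $typeNames.ContainsKey([int]$type)) {
                $typeLabel = $typeNames[[int]$type]
            }
            [pscustomobject]@{
                Name      = $_.PSChildName
                Start     = $startNames[[int]$start]
                Type      = $typeLabel
                VmPrefix  = $_.PSChildName -like 'vm*'
                Path      = $file
                Signature = $sig
            }
        }
}

Get-EarlyStartService | Sort-Object Start, Name | Format-Table -AutoSize
```
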
Title: Re: Hacker turned my Win10 PC into a VM and remote controls it for months now! HELP!
Post by: frazz on February 10, 2018, 11:42:14 AM
*context handler. And yah I know what a CLSID is, that's just it though, all of my apps and security devices are used under a different handle/CLSID that I don't control. Obviously there are parts of a PC that provide support for apps and whatnot, but not every single DLL and CFg exec file on the PC. A handler is just that, it handles operations for that given CLSID. A handle. Handler. Might as well be the same thing. Also why every single program gets added its own unsigned service, because svchost can be controlled from a remote shell. So making everything a service it can look as if ignore Ian my legitimate program but it's not and it's not me using it fully.