Solved Rootkits & Bootkits

crazycolin · 2018/06/13

PLEASE HELP ME. I'm concerned my machine may be infected by Rootkits/Bootkits. I purchased Spybot S&D Technician Edition last night and updated the program, immunised then ran a malware scan (clean) followed by a rootkit scan. There were hundreds of "Unknown ADS" results with ":$DATA" strings at the end and 9 Registry Keys with "No admin in ACL" results.

So I found the WindowsBBS.com site. I've ran FRST64.exe. The results are in the posts that follow...

crazycolin · 2018/06/13

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by crazy (administrator) on COBRA-DELL (14-06-2018 04:07:17)
Running from C:\Users\crazy\Downloads
Loaded Profiles: crazy (Available Profiles: crazy)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (All) =================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(iolo technologies, LLC) C:\Program Files (x86)\Phoenix360\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\ctfmon.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgGameMon.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\crazy\Downloads\FRST64.exe

crazycolin · 2018/06/13

==================== Registry (All) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardTray.exe [183144 2018-06-04] (BullGuard Ltd.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-12-22] ()
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2475848 2017-05-18] (Palo Alto Networks)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4630496 2018-04-03] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [775560 2017-01-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-12-22] (Acronis International GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 9\MMReminderService.exe [38240 2011-02-11] (Mindjet)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [32256 2018-04-12] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [3933184 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [3611360 2018-04-12] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Run: [OneDrive] => C:\Users\crazy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1624224 2018-05-01] (Microsoft Corporation)
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Run: [Amazon Music Helper] => C:\Users\crazy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3051960 2018-05-16] (Amazon Services LLC)
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Run: [Amazon Music] => C:\Users\crazy\AppData\Local\Amazon Music\Amazon Music.exe [20028856 2018-05-16] (Amazon Services LLC)
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\root\Office16\lync.exe [27114672 2018-05-30] (Microsoft Corporation)
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Run: [VideoGuardMonitor] => C:\Users\crazy\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2345736 2017-11-02] (Cisco)
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [174080 2018-04-12] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\win32spl.dll [836608 2018-04-12] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] DPPassFilter scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2018-01-28]
ShortcutTarget: HMA! Pro VPN.lnk -> C:\Program Files (x86)\HMA! Pro VPN\Vpn.exe (Privax Limited)
BootExecute: autocheck autochk * sdnclean64.exe
AlternateShell: cmd.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (All) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [341920 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [67072 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [84992 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [84992 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [80896 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [31232 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 12 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\mswsock.dll [401968 2018-04-12] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{23a0c6d8-3d06-4276-9724-144bda4d691f}: [DhcpNameServer] 192.168.101.101 192.168.101.101
Tcpip\..\Interfaces\{f83d8d6d-5d37-4962-afe8-78e6a952b88c}: [NameServer] 77.234.40.79

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
URLSearchHook: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-05-30] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-05-01] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll [2011-02-11] (Mindjet)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2018-04-12] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-12] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2018-05-15] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2018-05-15] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2018-04-12] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2018-04-12] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2018-06-08] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2015-08-19] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2018-05-15] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2018-05-15] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL [2018-02-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-05-30] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2018-06-08] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2018-04-12] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2018-04-12] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2018-06-08] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2018-06-08] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2018-06-08] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2018-04-12] (Microsoft Corporation)
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [2015-08-19] (Microsoft Corporation)
Filter-x32: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL [2018-05-30] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

crazycolin · 2018/06/13

Edge:
======
Edge Extension: (AutoFormFill) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [2018-04-12]
Edge Extension: (LearningTools) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [2018-04-12]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-30] (Microsoft Corporation)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=16.0 -> C:\Program Files (x86)\PerkinElmerInformatics\ChemOffice2016\Chem3D\npChem3DPlugin.dll [2016-10-05] (PerkinElmer)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=16.0 -> C:\Program Files (x86)\PerkinElmerInformatics\ChemOffice2016\ChemDraw\npcdp32.dll [2016-10-05] (PerkinElmer)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-04-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3035246220-1795647210-3486064107-1001: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\crazy\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-16] (RocketLife, LLP)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://internetbanking.tsb.co.uk/personal/logon/login/#/login","hxxps://www.hsbc.co.uk/","hxxps://onlinedmp.stepchange.org/Home/Login","hxxps://creditcards.virginmoney.com/VM_Consumer/Login.do","hxxps://onlinebanking.nationwide.co.uk/AccessManagement/Login"
CHR DefaultSearchURL: Default -> {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:iOSSearchLanguage}{google:searchClient}{google:sourceId}{google:contextualSearchVersion}ie={inputEncoding}
CHR DefaultSearchKeyword: Default -> google.com
CHR DefaultNewTabURL: Default -> {google:baseURL}_/chrome/newtab?{google:RLZ}ie={inputEncoding}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default [2018-06-14]
CHR Extension: (Lucidchart Diagrams) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2018-05-25]
CHR Extension: (Honey) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-06-14]
CHR Extension: (Add to Amazon Wish List) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2018-01-28]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2018-01-28]
CHR Extension: (Daum Equation Editor) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe [2018-01-28]
CHR Extension: (Adobe Acrobat) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-05-31]
CHR Extension: (Gmail Offline) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2018-01-28]
CHR Extension: (Trusted Shops extension for Google Chrome) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcpnemckonbbmnoakbjgjkgokkbaeo [2018-03-24]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2018-01-28]
CHR Extension: (Space) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifhddjdplehpbndiikdofeaopbimfmi [2018-01-28]
CHR Extension: (Privacy Guardian™ Online Privacy Protection) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\higopmjdpgolhfdefeicklcmgifipcbh [2018-01-28]
CHR Extension: (Grammarly for Chrome) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Khan Academy) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2018-01-28]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-06-14]
CHR Extension: (Chrome Media Router) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-30]
CHR Extension: (Privacy Badger) - C:\Users\crazy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2018-05-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\default_apps\docs.crx [2018-06-12]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\default_apps\drive.crx [2018-06-12]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\default_apps\gmail.crx [2018-06-12]
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\default_apps\youtube.crx [2018-06-12]

==================== Services (All) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1216760 2017-12-22] ()
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-10] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-04-10] ()
S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [25088 2018-04-12] (Microsoft Corporation)
S3 ALG; C:\WINDOWS\System32\alg.exe [91136 2018-04-12] (Microsoft Corporation)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [254480 2017-12-17] (AMD)
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [77312 2018-04-12] (Microsoft Corporation)
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [166912 2018-04-12] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [197120 2018-04-12] (Microsoft Corporation)
S3 AppMgmt; C:\WINDOWS\SysWOW64\appmgmts.dll [164864 2018-04-12] (Microsoft Corporation)
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [667648 2018-06-08] (Microsoft Corporation)
S4 AppVClient; C:\WINDOWS\system32\AppVClient.exe [826776 2018-05-15] (Microsoft Corporation)
S3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [3392512 2018-06-08] (Microsoft Corporation)
S3 AssignedAccessManagerSvc; C:\WINDOWS\System32\assignedaccessmanagersvc.dll [604672 2018-04-12] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [684544 2018-06-08] (Microsoft Corporation)
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1767936 2018-06-08] (Microsoft Corporation)
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [110080 2018-04-12] (Microsoft Corporation)
S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1364992 2018-06-08] (Microsoft Corporation)
S3 BcastDVRUserService_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 BcastDVRUserService_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [402944 2018-04-12] (Microsoft Corporation)
R2 BFE; C:\WINDOWS\System32\bfe.dll [778752 2018-06-08] (Microsoft Corporation)
R2 BITS; C:\WINDOWS\System32\qmgr.dll [1374208 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 BluetoothUserService_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462096 2015-08-12] (Apple Inc.)
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [847360 2018-05-20] (Microsoft Corporation)
S3 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBackup.exe [1639272 2018-06-04] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFileScanner.exe [573800 2018-06-04] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFiltering.exe [5875048 2018-06-08] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardCore.exe [980840 2018-06-04] (BullGuard Ltd.)
R2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardFirewall.exe [817512 2018-06-08] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [304488 2018-06-04] (BullGuard Ltd.)
R2 BsSentry; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardSentry.exe [479080 2018-06-08] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [505704 2018-06-04] (BullGuard Ltd.)
S3 BTAGService; C:\WINDOWS\System32\BTAGService.dll [514048 2018-04-12] (Microsoft Corporation)
S3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [395264 2018-04-12] (Microsoft Corporation)
S3 bthserv; C:\WINDOWS\system32\bthserv.dll [183808 2018-04-12] (Microsoft Corporation)
R3 camsvc; C:\WINDOWS\system32\CapabilityAccessManager.dll [266752 2018-06-08] (Microsoft Corporation)
S3 CaptureService; C:\WINDOWS\System32\CaptureService.dll [125952 2018-04-12] (Microsoft Corporation)
S3 CaptureService_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 CaptureService_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [632320 2018-04-12] (Microsoft Corporation)
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [453120 2018-04-12] (Microsoft Corporation)
R2 CDPUserSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R2 CDPUserSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [188928 2018-04-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8652976 2018-05-24] (Microsoft Corporation)
S3 ClipSVC; C:\WINDOWS\System32\ClipSVC.dll [1033584 2018-04-12] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\WINDOWS\system32\coremessaging.dll [885880 2018-06-08] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [567144 2018-06-08] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2018-04-12] (Microsoft Corporation)
R2 CscService; C:\WINDOWS\System32\cscsvc.dll [727040 2018-04-12] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1160192 2018-06-08] (Microsoft Corporation)
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [491520 2018-04-12] (Microsoft Corporation)
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [463360 2018-04-12] (Microsoft Corporation)
S3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [119296 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 DevicePickerUserSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [750080 2018-04-12] (Microsoft Corporation)
S3 DevicesFlowUserSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 DevicesFlowUserSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2018-04-12] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [352768 2018-04-12] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [317440 2018-04-12] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [90624 2018-04-12] (Microsoft Corporation)
S3 diagsvc; C:\WINDOWS\system32\DiagSvc.dll [219648 2018-04-12] (Microsoft Corporation)
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [3086336 2018-05-15] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [824320 2018-04-12] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [592384 2018-04-12] (Microsoft Corporation)
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57856 2018-04-12] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [300032 2018-04-12] (Microsoft Corporation)
S3 DoSvc; C:\WINDOWS\system32\dosvc.dll [1458176 2018-04-12] (Microsoft Corporation)
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252928 2018-04-12] (Microsoft Corporation)
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2018-04-12] (Microsoft Corporation)
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [235008 2018-04-12] (Microsoft Corporation)
S3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [149504 2018-06-08] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [356352 2018-04-12] (Microsoft Corporation)
S3 Eaphost; C:\WINDOWS\System32\eapsvc.dll [109568 2018-04-12] (Microsoft Corporation)
R3 EFS; C:\WINDOWS\system32\efssvc.dll [58880 2018-04-12] (Microsoft Corporation)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [167424 2018-04-12] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [307712 2018-04-12] (Microsoft Corporation)
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1854976 2018-06-08] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\system32\es.dll [486400 2018-04-12] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331264 2018-04-12] (Microsoft Corporation)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [642048 2018-04-12] (Microsoft Corporation)
S3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2018-04-12] (Microsoft Corporation)
S4 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2018-04-12] (Microsoft Corporation)
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121344 2018-04-12] (Microsoft Corporation)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1919488 2018-04-12] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43648 2018-05-15] (Microsoft Corporation)
S2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
S3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [673792 2018-06-08] (Microsoft Corporation)
S2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1267712 2018-04-12] (Microsoft Corporation)
S3 GraphicsPerfSvc; C:\WINDOWS\System32\GraphicsPerfSvc.dll [90624 2018-04-12] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-27] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-27] (Google Inc.)
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [33792 2018-04-12] (Microsoft Corporation)
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2018-04-12] (Microsoft Corporation)
S2 HmaProVpn; C:\Program Files (x86)\HMA! Pro VPN\VpnSvc.exe [5599520 2018-05-18] (Privax Limited)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [60320 2018-04-12] (Microsoft Corporation)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [241152 2018-04-12] (Microsoft Corporation)
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [990208 2018-04-12] (Microsoft Corporation)
S3 InstallService; C:\WINDOWS\system32\InstallService.dll [1485312 2018-06-08] (Microsoft Corporation)
S3 InstallService; C:\WINDOWS\SysWOW64\InstallService.dll [1108992 2018-06-08] (Microsoft Corporation)
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [786432 2018-04-12] (Microsoft Corporation)
S3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [673592 2018-05-22] (Apple Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [63488 2018-04-12] (Microsoft Corporation)
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2018-04-12] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [89088 2018-04-12] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2018-04-12] (Microsoft Corporation)
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2018-04-12] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [271360 2018-04-12] (Microsoft Corporation)
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [271872 2018-04-12] (Microsoft Corporation)
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [44544 2018-04-12] (Microsoft Corporation)
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [48640 2018-04-12] (Microsoft Corporation)
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [269312 2018-04-12] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2018-04-12] (Microsoft Corporation)
R2 LSM; C:\WINDOWS\System32\lsm.dll [671744 2018-04-12] (Microsoft Corporation)
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-04-12] (Microsoft Corporation)
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [91136 2018-04-12] (Microsoft Corporation)
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2018-04-12] (Microsoft Corporation)
S3 MessagingService_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 MessagingService_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-12-22] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-12-22] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1747304 2018-04-03] ()
R2 mpssvc; C:\WINDOWS\system32\mpssvc.dll [883712 2018-04-12] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [148480 2018-04-12] (Microsoft Corporation)
S3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150528 2018-04-12] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2018-04-12] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59904 2018-04-12] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [824832 2018-04-12] (Microsoft Corporation)
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2018-04-12] (Microsoft Corporation)
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [376832 2018-04-12] (Microsoft Corporation)
S3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2018-04-12] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [773632 2018-04-12] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [659456 2018-04-12] (Microsoft Corporation)
S3 Netman; C:\WINDOWS\System32\netman.dll [262656 2018-04-12] (Microsoft Corporation)
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [507392 2018-04-12] (Microsoft Corporation)
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [335360 2018-04-12] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136296 2018-04-12] (Microsoft Corporation)
R3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [582144 2018-04-12] (Microsoft Corporation)
R3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [785408 2018-04-12] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [367616 2018-04-12] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2018-04-12] (Microsoft Corporation)
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [324608 2018-04-10] (Microsoft Corporation)
R2 OneSyncSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R2 OneSyncSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [263344 2018-05-24] (Microsoft Corporation)
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343552 2018-04-12] (Microsoft Corporation)
S3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [424960 2018-04-12] (Microsoft Corporation)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [3478344 2017-05-18] (Palo Alto Networks)
R3 PcaSvc; C:\WINDOWS\System32\pcasvc.dll [541080 2018-04-12] (Microsoft Corporation)
S3 PeerDistSvc; C:\WINDOWS\system32\peerdistsvc.dll [1967104 2018-04-12] (Microsoft Corporation)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2018-04-12] (Microsoft Corporation)
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [835584 2018-05-20] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [185856 2018-04-12] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 pla; C:\WINDOWS\system32\pla.dll [1463296 2018-04-12] (Microsoft Corporation)
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2018-04-12] (Microsoft Corporation)
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [119296 2018-04-12] (Microsoft Corporation)
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [26624 2018-04-12] (Microsoft Corporation)
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343552 2018-04-12] (Microsoft Corporation)
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [441856 2018-04-12] (Microsoft Corporation)
R2 Power; C:\WINDOWS\system32\umpo.dll [152576 2018-04-12] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3441152 2018-04-12] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\System32\PrintWorkflowService.dll [170496 2018-04-12] (Microsoft Corporation)
S3 PrintWorkflowUserSvc; C:\WINDOWS\SysWOW64\PrintWorkflowService.dll [138240 2018-04-12] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 PrintWorkflowUserSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [394240 2018-04-12] (Microsoft Corporation)
S3 PushToInstall; C:\WINDOWS\system32\PushToInstall.dll [262144 2018-04-12] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2018-04-12] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [236032 2018-04-12] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104960 2018-04-12] (Microsoft Corporation)
R2 RasMan; C:\WINDOWS\System32\rasmans.dll [932352 2018-06-08] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [497664 2018-04-12] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [407552 2018-04-12] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2018-04-12] (Microsoft Corporation)
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [681984 2018-04-12] (Microsoft Corporation)
S3 RmSvc; C:\WINDOWS\System32\RMapi.dll [153600 2018-04-12] (Microsoft Corporation)
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [78336 2018-04-12] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [10752 2018-04-12] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1160192 2018-06-08] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [57976 2018-04-12] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [258560 2018-04-12] (Microsoft Corporation)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [198144 2018-04-12] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [889344 2018-04-12] (Microsoft Corporation)
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [188928 2018-04-12] (Microsoft Corporation)
S3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [146944 2018-04-12] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 seclogon; C:\WINDOWS\system32\seclogon.dll [30720 2018-04-12] (Microsoft Corporation)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [761440 2018-04-12] (Microsoft Corporation)
R3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1248768 2018-04-12] (Microsoft Corporation)
R2 SENS; C:\WINDOWS\System32\sens.dll [73216 2018-04-12] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1273344 2018-04-12] (Microsoft Corporation)
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [712192 2018-04-12] (Microsoft Corporation)
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [207872 2018-04-12] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [397312 2018-04-12] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [346112 2018-04-12] (Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [163336 2018-04-12] (Microsoft Corporation)
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [604672 2018-04-12] (Microsoft Corporation)
S3 SharedRealitySvc; C:\WINDOWS\System32\SharedRealitySvc.dll [712704 2018-04-12] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [613376 2018-04-12] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564736 2018-04-12] (Microsoft Corporation)
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [195584 2018-04-12] (Microsoft Corporation)
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2018-04-12] (Microsoft Corporation)
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2018-04-12] (Microsoft Corporation)
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590336 2018-04-12] (Microsoft Corporation)
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15360 2018-04-12] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [976384 2018-06-08] (Microsoft Corporation)
S2 Spooler; C:\WINDOWS\System32\spoolsv.exe [768512 2018-04-12] (Microsoft Corporation)
S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4527680 2018-06-08] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [228864 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [207872 2018-04-12] (Microsoft Corporation)
R3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4970360 2018-06-08] (Microsoft Corporation)
R3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [4469832 2018-06-08] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [611840 2018-04-12] (Microsoft Corporation)
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [960512 2018-05-20] (Microsoft Corporation)
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2018-04-12] (Microsoft Corporation)
S3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2018-04-12] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-12-22] ()
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [972800 2018-04-12] (Microsoft Corporation)
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [281600 2018-04-12] (Microsoft Corporation)
R3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [221696 2018-04-12] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [308224 2018-04-12] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254464 2018-04-12] (Microsoft Corporation)
S3 TermService; C:\WINDOWS\System32\termsrv.dll [1030656 2018-04-12] (Microsoft Corporation)
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2018-04-12] (Microsoft Corporation)
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [303616 2018-04-12] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [176128 2018-04-12] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1395200 2018-06-08] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [999936 2018-06-08] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [110592 2018-04-12] (Microsoft Corporation)
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [131584 2018-04-11] (Microsoft Corporation)
S3 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [92160 2018-04-12] (Microsoft Corporation)
S3 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [72192 2018-04-12] (Microsoft Corporation)
S4 UevAgentService; C:\WINDOWS\system32\AgentService.exe [1189376 2018-04-12] (Microsoft Corporation)
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [367104 2018-04-12] (Microsoft Corporation)
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1220096 2018-04-12] (Microsoft Corporation)
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [965632 2018-04-12] (Microsoft Corporation)
R3 UnistoreSvc_4374f; C:\WINDOWS\System32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R3 UnistoreSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [451072 2018-04-12] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [331264 2018-04-12] (Microsoft Corporation)
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1495040 2018-04-12] (Microsoft Corporation)
R3 UserDataSvc_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R3 UserDataSvc_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [1027584 2018-04-12] (Microsoft Corporation)
R2 UsoSvc; C:\WINDOWS\system32\usocore.dll [1371648 2018-06-08] (Microsoft Corporation)
S3 VacSvc; C:\WINDOWS\System32\vac.dll [411256 2018-04-12] (Microsoft Corporation)
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [345600 2018-04-12] (Microsoft Corporation)
S3 vds; C:\WINDOWS\System32\vds.exe [642560 2018-04-12] (Microsoft Corporation)
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [309760 2018-04-12] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [289792 2018-04-12] (Microsoft Corporation)
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [309760 2018-04-12] (Microsoft Corporation)
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1540096 2018-04-12] (Microsoft Corporation)
S3 W32Time; C:\WINDOWS\system32\w32time.dll [579584 2018-04-12] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [392704 2018-04-12] (Microsoft Corporation)
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [427520 2018-04-12] (Microsoft Corporation)
S3 WarpJITSvc; C:\WINDOWS\System32\Windows.WARP.JITService.dll [31744 2018-04-12] (Microsoft Corporation)
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1535488 2018-04-12] (Microsoft Corporation)
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [983040 2018-06-08] (Microsoft Corporation)
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [950272 2018-04-12] (Microsoft Corporation)
S3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2018-04-12] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [99840 2018-04-12] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2018-04-12] (Microsoft Corporation)
S3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [99840 2018-04-12] (Microsoft Corporation)
S3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2018-04-12] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-30] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [217088 2018-04-12] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [191488 2018-04-12] (Microsoft Corporation)
S3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202240 2018-04-12] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27136 2018-04-12] (Microsoft Corporation)
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [119808 2018-04-12] (Microsoft Corporation)
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [204288 2018-04-12] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [637440 2018-04-12] (Microsoft Corporation)
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-30] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [900336 2018-04-12] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [719552 2018-04-12] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [224256 2018-04-12] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2612736 2018-04-12] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2378752 2018-04-12] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [858112 2018-06-08] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [729088 2018-06-08] (Microsoft Corporation)
S3 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2583552 2018-04-12] (Microsoft Corporation)
S3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2248192 2018-06-08] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1359360 2018-04-12] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2018-04-12] (Microsoft Corporation)
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2018-04-11] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [2197408 2018-04-12] (Microsoft Corporation)
S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1456640 2018-05-20] (Microsoft Corporation)
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [82432 2018-04-12] (Microsoft Corporation)
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [280576 2018-04-12] (Microsoft Corporation)
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [96768 2018-04-12] (Microsoft Corporation)
R2 WpnUserService_4374f; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R2 WpnUserService_4374f; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [266240 2018-04-12] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [1057792 2018-04-12] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [856064 2018-04-12] (Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2902016 2018-06-08] (Microsoft Corporation)
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1679360 2018-04-12] (Microsoft Corporation)
S3 xbgm; C:\WINDOWS\system32\xbgmsvc.exe [59512 2018-04-12] (Microsoft Corporation)
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1115648 2018-04-12] (Microsoft Corporation)
S3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1308672 2018-04-12] (Microsoft Corporation)
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [58880 2018-04-12] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1148928 2018-04-12] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

crazycolin · 2018/06/13

===================== Drivers (All) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [237568 2018-04-12] (Microsoft Corporation)
S0 3ware; C:\WINDOWS\System32\drivers\3ware.sys [107416 2018-04-12] (LSI)
R0 ACPI; C:\WINDOWS\System32\drivers\ACPI.sys [654232 2018-04-12] (Microsoft Corporation)
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2018-04-12] (Microsoft Corporation)
R0 acpiex; C:\WINDOWS\System32\Drivers\acpiex.sys [127904 2018-04-12] (Microsoft Corporation)
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2018-04-12] (Microsoft Corporation)
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2018-04-12] (Microsoft Corporation)
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13824 2018-04-12] (Microsoft Corporation)
S0 ADP80XX; C:\WINDOWS\System32\drivers\ADP80XX.SYS [1135520 2018-04-12] (PMC-Sierra)
R1 AFD; C:\WINDOWS\system32\drivers\afd.sys [626592 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-04-12] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-04-12] (Microsoft Corporation)
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [254464 2018-04-12] (Microsoft Corporation)
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [181760 2018-04-12] (Microsoft Corporation)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21620752 2017-12-17] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [672272 2017-12-17] (Advanced Micro Devices, Inc.)
S3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [179712 2018-04-12] (Microsoft Corporation)
S0 amdsata; C:\WINDOWS\System32\drivers\amdsata.sys [83360 2018-04-12] (Advanced Micro Devices)
S0 amdsbs; C:\WINDOWS\System32\drivers\amdsbs.sys [259480 2018-04-12] (AMD Technologies Inc.)
S0 amdxata; C:\WINDOWS\System32\drivers\amdxata.sys [27032 2018-04-12] (Advanced Micro Devices)
S3 AppID; C:\WINDOWS\System32\drivers\appid.sys [192928 2018-04-12] (Microsoft Corporation)
S3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [18432 2018-04-12] (Microsoft Corporation)
S3 AppvStrm; C:\WINDOWS\system32\drivers\AppvStrm.sys [127384 2018-04-12] (Microsoft Corporation)
S3 AppvVemgr; C:\WINDOWS\system32\drivers\AppvVemgr.sys [162712 2018-04-12] (Microsoft Corporation)
S3 AppvVfs; C:\WINDOWS\system32\drivers\AppvVfs.sys [143768 2018-04-12] (Microsoft Corporation)
S0 arcsas; C:\WINDOWS\System32\drivers\arcsas.sys [132000 2018-04-12] (PMC-Sierra, Inc.)
S3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2018-04-12] (Microsoft Corporation)
S0 atapi; C:\WINDOWS\System32\drivers\atapi.sys [28568 2018-04-12] (Microsoft Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2017-12-17] (Advanced Micro Devices)
S0 b06bdrv; C:\WINDOWS\System32\drivers\bxvbda.sys [533912 2018-04-12] (QLogic Corporation)
R1 bam; C:\WINDOWS\System32\drivers\bam.sys [60320 2018-04-12] (Microsoft Corporation)
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [63488 2018-04-12] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [34816 2018-04-12] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [39840 2018-04-12] (Microsoft Corporation)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2018-04-12] (Windows (R) Win 7 DDK provider)
R1 BdAgent; C:\WINDOWS\System32\DRIVERS\BdAgent.sys [174744 2017-09-16] (BullGuard Ltd.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [155568 2017-08-25] (BullGuard Ltd.)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [86384 2018-04-26] (BullGuard Ltd.)
R1 BdSpy; C:\WINDOWS\System32\DRIVERS\BdSpy.sys [94952 2017-08-25] (BullGuard Ltd.)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2018-04-12] (Microsoft Corporation)
S3 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [92056 2018-04-12] (Microsoft Corporation)
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2018-04-12] (Microsoft Corporation)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [112128 2018-04-12] (Microsoft Corporation)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [67072 2018-04-12] (Microsoft Corporation)
S0 bttflt; C:\WINDOWS\System32\drivers\bttflt.sys [38304 2018-04-12] (Microsoft Corporation)
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39936 2018-04-12] (Microsoft Corporation)
S3 CAD; C:\WINDOWS\System32\drivers\CAD.sys [60320 2018-04-12] (Microsoft Corporation)
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [123392 2018-04-12] (Microsoft Corporation)
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [93696 2018-04-12] (Microsoft Corporation)
R1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [159744 2018-04-12] (Microsoft Corporation)
S0 cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [321432 2018-04-12] (Chelsio Communications)
S3 cht4vbd; C:\WINDOWS\System32\drivers\cht4vx64.sys [1836952 2018-04-12] (Chelsio Communications)
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2018-04-12] (Microsoft Corporation)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [414208 2018-04-12] (Microsoft Corporation)
R0 CLFS; C:\WINDOWS\System32\drivers\CLFS.sys [382872 2018-05-15] (Microsoft Corporation)
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [32256 2018-04-12] (Microsoft Corporation)
R0 CNG; C:\WINDOWS\System32\Drivers\cng.sys [709824 2018-06-08] (Microsoft Corporation)
S4 cnghwassist; C:\WINDOWS\System32\DRIVERS\cnghwassist.sys [39328 2018-04-12] (Microsoft Corporation)
S3 CompFilter64; C:\WINDOWS\System32\drivers\lvbflt64.sys [26784 2012-10-23] (Logitech Inc.)
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys [40448 2018-04-12] (Microsoft Corporation)
R3 condrv; C:\WINDOWS\System32\drivers\condrv.sys [55200 2018-04-12] (Microsoft Corporation)
R1 CSC; C:\WINDOWS\System32\drivers\csc.sys [561152 2018-04-12] (Microsoft Corporation)
S1 dam; C:\WINDOWS\System32\drivers\dam.sys [91544 2018-04-12] (Microsoft Corporation)
S3 dcdbas; C:\WINDOWS\System32\drivers\dcdbas64.sys [39016 2012-08-16] (Dell Inc.)
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [141312 2018-04-12] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 Disk; C:\WINDOWS\System32\drivers\disk.sys [94112 2018-04-12] (Microsoft Corporation)
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [47104 2018-04-12] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [16232 2018-04-12] (Microsoft Corporation)
R1 DXGKrnl; C:\WINDOWS\System32\drivers\dxgkrnl.sys [2836384 2018-06-08] (Microsoft Corporation)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [488736 2015-08-03] (Intel Corporation)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3419032 2018-04-12] (QLogic Corporation)
S0 EhStorClass; C:\WINDOWS\System32\drivers\EhStorClass.sys [88472 2018-04-12] (Microsoft Corporation)
S0 EhStorTcgDrv; C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys [118680 2018-04-12] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [40344 2014-12-20] (Elaborate Bytes AG)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2018-04-12] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [357888 2018-04-12] (Microsoft Corporation)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [375200 2018-04-12] (Microsoft Corporation)
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2018-04-12] (Microsoft Corporation)
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [55808 2018-04-12] (Microsoft Corporation)
R0 FileInfo; C:\WINDOWS\System32\drivers\fileinfo.sys [86432 2018-04-12] (Microsoft Corporation)
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36352 2018-04-12] (Microsoft Corporation)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-04-10] (Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-04-10] (Acronis International GmbH)
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2018-04-12] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [402848 2018-04-12] (Microsoft Corporation)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [182832 2018-04-10] (Acronis International GmbH)
S3 FsDepends; C:\WINDOWS\System32\drivers\FsDepends.sys [62872 2018-04-12] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [34208 2018-04-12] (Microsoft Corporation)
R0 fvevol; C:\WINDOWS\System32\DRIVERS\fvevol.sys [744864 2018-04-12] (Microsoft Corporation)
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13312 2018-04-12] (Microsoft Corporation)
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20992 2018-04-12] (Microsoft Corporation)
S3 GPIOClx0101; C:\WINDOWS\System32\Drivers\msgpioclx.sys [169368 2018-04-12] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2018-04-12] (Microsoft Corporation)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [436736 2018-04-12] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86016 2018-04-12] (Microsoft Corporation)
S3 HidBatt; C:\WINDOWS\System32\drivers\HidBatt.sys [38304 2018-04-12] (Microsoft Corporation)
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [115200 2018-04-12] (Microsoft Corporation)
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [54272 2018-04-12] (Microsoft Corporation)
S3 hidinterrupt; C:\WINDOWS\System32\drivers\hidinterrupt.sys [50592 2018-04-12] (Microsoft Corporation)
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [47104 2018-04-12] (Microsoft Corporation)
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [42496 2018-04-12] (Microsoft Corporation)
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2017-12-05] (The OpenVPN Project)
S0 HpSAMD; C:\WINDOWS\System32\drivers\HpSAMD.sys [64408 2018-04-12] (Hewlett-Packard Company)
R3 HTTP; C:\WINDOWS\System32\drivers\HTTP.sys [1026976 2018-06-08] (Microsoft Corporation)
S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [33184 2018-04-12] (Microsoft Corporation)
S3 hvservice; C:\WINDOWS\System32\drivers\hvservice.sys [73632 2018-04-12] (Microsoft Corporation)
S3 HwNClx0101; C:\WINDOWS\System32\Drivers\mshwnclx.sys [27136 2018-04-12] (Microsoft Corporation)
S0 hwpolicy; C:\WINDOWS\System32\drivers\hwpolicy.sys [29592 2018-04-12] (Microsoft Corporation)
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16896 2018-04-12] (Microsoft Corporation)
S3 HyperVideo; C:\WINDOWS\System32\drivers\HyperVideo.sys [28672 2018-04-12] (Microsoft Corporation)
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [105984 2018-04-12] (Microsoft Corporation)
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [36864 2018-04-12] (Intel(R) Corporation)
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [91648 2018-04-12] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [79360 2018-04-12] (Intel Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [88576 2018-04-12] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [171520 2018-04-12] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [174592 2018-04-12] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-12] (Intel Corporation)
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2018-04-12] (Intel Corporation)
S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144 2018-04-12] (Intel Corporation)
S0 iaStorV; C:\WINDOWS\System32\drivers\iaStorV.sys [412064 2018-04-12] (Intel Corporation)
S3 ibbus; C:\WINDOWS\System32\drivers\ibbus.sys [526232 2018-04-12] (Mellanox)
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [38912 2018-04-12] (Microsoft Corporation)
S0 intelide; C:\WINDOWS\System32\drivers\intelide.sys [19360 2018-04-12] (Microsoft Corporation)
R0 intelpep; C:\WINDOWS\System32\drivers\intelpep.sys [177192 2018-04-12] (Microsoft Corporation)
R3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [200704 2018-04-12] (Microsoft Corporation)
R0 iorate; C:\WINDOWS\System32\drivers\iorate.sys [58272 2018-04-12] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2018-04-12] (Microsoft Corporation)
S3 IPMIDRV; C:\WINDOWS\System32\drivers\IPMIDrv.sys [92064 2018-04-12] (Microsoft Corporation)
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2018-04-12] (Microsoft Corporation)
S3 IPT; C:\WINDOWS\System32\drivers\ipt.sys [32256 2018-04-12] (Microsoft Corporation)
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [119808 2018-04-12] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2018-04-12] (Microsoft Corporation)
S0 isapnp; C:\WINDOWS\System32\drivers\isapnp.sys [22944 2018-04-12] (Microsoft Corporation)
S3 iScsiPrt; C:\WINDOWS\System32\drivers\msiscsi.sys [280984 2018-04-12] (Microsoft Corporation)
S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [145816 2018-04-12] (Avago Technologies)
R3 kbdclass; C:\WINDOWS\System32\drivers\kbdclass.sys [63904 2018-04-12] (Microsoft Corporation)
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2018-04-12] (Microsoft Corporation)
R3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2018-04-12] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS\System32\Drivers\ksecdd.sys [139672 2018-04-12] (Microsoft Corporation)
R0 KSecPkg; C:\WINDOWS\System32\Drivers\ksecpkg.sys [170912 2018-06-08] (Microsoft Corporation)
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2018-04-12] (Microsoft Corporation)
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [65024 2018-04-12] (Microsoft Corporation)
S0 LSI_SAS; C:\WINDOWS\System32\drivers\lsi_sas.sys [108952 2018-04-12] (LSI Corporation)
S0 LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [124312 2018-04-12] (LSI Corporation)
S0 LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [128408 2018-04-12] (Avago Technologies)
S0 LSI_SSS; C:\WINDOWS\System32\drivers\lsi_sss.sys [82848 2018-04-12] (LSI Corporation)
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [128000 2018-04-12] (Microsoft Corporation)
S3 lvrs64; C:\WINDOWS\system32\DRIVERS\lvrs64.sys [351520 2017-12-17] (Logitech Inc.)
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [505240 2018-04-12] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [56736 2018-04-12] (Microsoft Corporation)
S0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [59800 2018-04-12] (Avago Technologies)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [75160 2018-04-12] (Avago Technologies)
S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [82328 2018-04-12] (Avago Technologies)
S0 megasr; C:\WINDOWS\System32\drivers\megasr.sys [575896 2018-04-12] (LSI Corporation, Inc.)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [202032 2017-12-17] (Intel Corporation)
S3 mlx4_bus; C:\WINDOWS\System32\drivers\mlx4_bus.sys [842648 2018-04-12] (Mellanox)
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [43520 2018-04-12] (Microsoft Corporation)
S3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2018-04-12] (Microsoft Corporation)
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [44544 2018-04-12] (Microsoft Corporation)
R3 mouclass; C:\WINDOWS\System32\drivers\mouclass.sys [56728 2018-04-12] (Microsoft Corporation)
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2018-04-12] (Microsoft Corporation)
R0 mountmgr; C:\WINDOWS\System32\drivers\mountmgr.sys [104352 2018-04-12] (Microsoft Corporation)
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [75776 2018-06-08] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [144384 2018-06-08] (Microsoft Corporation)
R3 mrxsmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [500632 2018-04-12] (Microsoft Corporation)
R3 mrxsmb20; C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys [226208 2018-04-12] (Microsoft Corporation)
S3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [116736 2018-04-12] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [31232 2018-04-12] (Microsoft Corporation)
S3 msgpiowin32; C:\WINDOWS\System32\drivers\msgpiowin32.sys [50592 2018-04-12] (Microsoft Corporation)
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2018-04-12] (Microsoft Corporation)
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2018-04-12] (Microsoft Corporation)
R0 msisadrv; C:\WINDOWS\System32\drivers\msisadrv.sys [18848 2018-04-12] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [32256 2018-06-08] (Microsoft Corporation)
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [84480 2018-04-12] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [10752 2018-04-12] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [10752 2018-04-12] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [375712 2018-06-08] (Microsoft Corporation)
R0 MsSecFlt; C:\WINDOWS\System32\drivers\mssecflt.sys [304032 2018-04-12] (Microsoft Corporation)
R1 mssmbios; C:\WINDOWS\System32\drivers\mssmbios.sys [40864 2018-04-12] (Microsoft Corporation)
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [12800 2018-04-12] (Microsoft Corporation)
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2018-04-12] (Microsoft Corporation)
R0 Mup; C:\WINDOWS\System32\Drivers\mup.sys [124832 2018-04-12] (Microsoft Corporation)
S0 mvumis; C:\WINDOWS\System32\drivers\mvumis.sys [63904 2018-04-12] (Marvell Semiconductor, Inc.)
S3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [528384 2018-04-12] (Microsoft Corporation)
S3 ndfltr; C:\WINDOWS\System32\drivers\ndfltr.sys [108952 2018-04-12] (Mellanox)
R0 NDIS; C:\WINDOWS\System32\drivers\ndis.sys [1285536 2018-04-12] (Microsoft Corporation)
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [53760 2018-04-12] (Microsoft Corporation)
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2018-04-12] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [27136 2018-04-12] (Microsoft Corporation)
S3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65024 2018-04-12] (Microsoft Corporation)
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2018-04-12] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [192512 2018-04-12] (Microsoft Corporation)
S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [192512 2018-04-12] (Microsoft Corporation)
R3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [63488 2018-04-12] (Microsoft Corporation)
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [128000 2018-04-12] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [175104 2018-04-12] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS\System32\drivers\netbios.sys [58264 2018-04-12] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [311296 2018-04-12] (Microsoft Corporation)
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [197632 2018-04-12] (Microsoft Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [73216 2018-04-12] (Microsoft Corporation)
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26112 2018-04-12] (Microsoft Corporation)
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [44544 2018-04-12] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [2422688 2018-06-08] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2018-04-12] (Microsoft Corporation)
S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-04-12] (Microsoft Corporation)
S0 nvraid; C:\WINDOWS\System32\drivers\nvraid.sys [150424 2018-04-12] (NVIDIA Corporation)
S0 nvstor; C:\WINDOWS\System32\drivers\nvstor.sys [166304 2018-04-12] (NVIDIA Corporation)
R3 PanGpd; C:\WINDOWS\system32\DRIVERS\pangpd.sys [36352 2017-05-18] (Palo Alto Networks)
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [98816 2018-04-12] (Microsoft Corporation)
R0 partmgr; C:\WINDOWS\System32\drivers\partmgr.sys [166816 2018-04-12] (Microsoft Corporation)
R0 pci; C:\WINDOWS\System32\drivers\pci.sys [375712 2018-04-12] (Microsoft Corporation)
S0 pciide; C:\WINDOWS\System32\drivers\pciide.sys [16288 2018-04-12] (Microsoft Corporation)
S0 pcmcia; C:\WINDOWS\System32\drivers\pcmcia.sys [120216 2018-04-12] (Microsoft Corporation)
R0 pcw; C:\WINDOWS\System32\drivers\pcw.sys [53152 2018-04-12] (Microsoft Corporation)
R0 pdc; C:\WINDOWS\System32\drivers\pdc.sys [140192 2018-04-12] (Microsoft Corporation)
R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [82160 2018-02-21] (Raxco Software, Inc.)
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [726528 2018-04-12] (Microsoft Corporation)
R0 percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [58776 2018-04-12] (Avago Technologies)
S0 percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [61848 2018-04-12] (Avago Technologies)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [105984 2018-04-12] (Microsoft Corporation)
S3 PNPMEM; C:\WINDOWS\System32\drivers\pnpmem.sys [16896 2018-04-12] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97280 2018-04-12] (Microsoft Corporation)
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [178176 2018-04-12] (Microsoft Corporation)
R1 Psched; C:\WINDOWS\System32\drivers\pacer.sys [152984 2018-04-12] (Microsoft Corporation)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49152 2018-04-12] (Microsoft Corporation)
S0 Ramdisk; C:\WINDOWS\System32\DRIVERS\ramdisk.sys [39840 2018-04-12] (Microsoft Corporation)
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2018-04-12] (Microsoft Corporation)
R3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108032 2018-04-12] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [106496 2018-04-12] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [82944 2018-04-12] (Microsoft Corporation)
R3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [78848 2018-04-12] (Microsoft Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R1 rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [434584 2018-04-12] (Microsoft Corporation)
R3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2018-04-12] (Microsoft Corporation)
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [182784 2018-04-12] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\WINDOWS\System32\drivers\rdpvideominiport.sys [30616 2018-04-12] (Microsoft Corporation)
R0 rdyboost; C:\WINDOWS\System32\drivers\rdyboost.sys [284064 2018-04-12] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [1921952 2018-06-08] (Microsoft Corporation)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [945568 2018-06-08] (Microsoft Corporation)
S3 rhproxy; C:\WINDOWS\System32\drivers\rhproxy.sys [104448 2018-04-12] (Microsoft Corporation)
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81920 2018-04-12] (Microsoft Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2018-04-12] (Microsoft Corporation)
S0 sbp2port; C:\WINDOWS\System32\drivers\sbp2port.sys [109984 2018-04-12] (Microsoft Corporation)
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43008 2018-04-12] (Microsoft Corporation)
S0 scmbus; C:\WINDOWS\System32\drivers\scmbus.sys [128416 2018-04-12] (Microsoft Corporation)
S3 sdbus; C:\WINDOWS\System32\drivers\sdbus.sys [287128 2018-04-12] (Microsoft Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [33176 2018-04-12] (Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd.)
S3 sdstor; C:\WINDOWS\System32\drivers\sdstor.sys [97176 2018-04-12] (Microsoft Corporation)
S3 SerCx; C:\WINDOWS\System32\drivers\SerCx.sys [75680 2018-04-12] (Microsoft Corporation)
S3 SerCx2; C:\WINDOWS\System32\drivers\SerCx2.sys [154528 2018-04-12] (Microsoft Corporation)
R3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2018-04-12] (Microsoft Corporation)
R3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84992 2018-04-12] (Microsoft Corporation)
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28160 2018-04-12] (Microsoft Corporation)
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [17920 2018-04-12] (Microsoft Corporation)
R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [63896 2018-04-12] (Microsoft Corporation)
S0 SiSRaid2; C:\WINDOWS\System32\drivers\SiSRaid2.sys [44952 2018-04-12] (Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\WINDOWS\System32\drivers\sisraid4.sys [81816 2018-04-12] (Silicon Integrated Systems)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [372784 2018-04-10] (Acronis International GmbH)
R0 spaceport; C:\WINDOWS\System32\drivers\spaceport.sys [611232 2018-04-12] (Microsoft Corporation)
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [57752 2018-04-12] (Microsoft Corporation)
S3 SpbCx; C:\WINDOWS\System32\drivers\SpbCx.sys [82328 2018-04-12] (Microsoft Corporation)
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [737792 2018-04-12] (Microsoft Corporation)
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [266752 2018-05-20] (Microsoft Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
S3 ST7007; C:\WINDOWS\System32\drivers\ST7007.sys [69896 2013-02-22] (STMicroelectronics)
S0 stexstor; C:\WINDOWS\System32\drivers\stexstor.sys [31128 2018-04-12] (Promise Technology, Inc.)
R3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [13312 2018-04-12] (Microsoft Corporation)
R0 storahci; C:\WINDOWS\System32\drivers\storahci.sys [156056 2018-04-12] (Microsoft Corporation)
S0 storflt; C:\WINDOWS\System32\drivers\vmstorfl.sys [47520 2018-04-12] (Microsoft Corporation)
S0 stornvme; C:\WINDOWS\System32\drivers\stornvme.sys [105368 2018-05-20] (Microsoft Corporation)
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [82432 2018-04-12] (Microsoft Corporation)
S0 storufs; C:\WINDOWS\System32\drivers\storufs.sys [48544 2018-04-12] (Microsoft Corporation)
S0 storvsc; C:\WINDOWS\System32\drivers\storvsc.sys [40352 2018-04-12] (Microsoft Corporation)
R3 swenum; C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys [18336 2018-04-12] (Microsoft Corporation)
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64512 2018-04-12] (Microsoft Corporation)
R0 Tcpip; C:\WINDOWS\System32\drivers\tcpip.sys [2718104 2018-04-12] (Microsoft Corporation)
S3 Tcpip6; C:\WINDOWS\System32\drivers\tcpip.sys [2718104 2018-04-12] (Microsoft Corporation)
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2018-04-12] (Microsoft Corporation)
R1 tdx; C:\WINDOWS\system32\DRIVERS\tdx.sys [121248 2018-04-12] (Microsoft Corporation)
S3 terminpt; C:\WINDOWS\System32\drivers\terminpt.sys [37280 2018-04-12] (Microsoft Corporation)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-04-10] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-04-10] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-04-10] (Acronis International GmbH)
S3 TPM; C:\WINDOWS\System32\drivers\tpm.sys [232352 2018-04-12] (Microsoft Corporation)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [442848 2018-04-23] (BitDefender S.R.L.)
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [63488 2018-04-12] (Microsoft Corporation)
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2018-04-12] (Microsoft Corporation)
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [126464 2018-04-12] (Microsoft Corporation)
S3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [119296 2018-04-12] (Microsoft Corporation)
R3 UASPStor; C:\WINDOWS\System32\drivers\uaspstor.sys [79776 2018-04-12] (Microsoft Corporation)
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [128512 2018-04-12] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [152576 2018-04-12] (Microsoft Corporation)
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [57856 2018-04-12] (Microsoft Corporation)
R3 Ucx01000; C:\WINDOWS\System32\drivers\ucx01000.sys [226720 2018-06-08] (Microsoft Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45056 2018-04-12] (Microsoft Corporation)
S4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [324608 2018-04-12] (Microsoft Corporation)
S3 UEFI; C:\WINDOWS\System32\drivers\UEFI.sys [29600 2018-06-08] (Microsoft Corporation)
S4 UevAgentDriver; C:\WINDOWS\system32\drivers\UevAgentDriver.sys [40344 2018-04-12] (Microsoft Corporation)
S3 Ufx01000; C:\WINDOWS\System32\drivers\ufx01000.sys [282008 2018-04-12] (Microsoft Corporation)
S3 UfxChipidea; C:\WINDOWS\System32\drivers\UfxChipidea.sys [98200 2018-04-12] (Microsoft Corporation)
S3 ufxsynopsys; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [144288 2018-04-12] (Microsoft Corporation)
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2018-04-12] (Microsoft Corporation)
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2018-04-12] (Microsoft Corporation)
S3 UrsChipidea; C:\WINDOWS\System32\drivers\urschipidea.sys [29088 2018-04-12] (Microsoft Corporation)
S3 UrsCx01000; C:\WINDOWS\System32\drivers\urscx01000.sys [67992 2018-04-12] (Microsoft Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [28064 2018-04-12] (Microsoft Corporation)
S3 usbaudio; C:\WINDOWS\system32\drivers\usbaudio.sys [151552 2018-04-12] (Microsoft Corporation)
R3 usbccgp; C:\WINDOWS\System32\drivers\usbccgp.sys [168864 2018-04-12] (Microsoft Corporation)
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102912 2018-04-12] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS\System32\drivers\usbehci.sys [95648 2018-04-12] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS\System32\drivers\usbhub.sys [514464 2018-04-12] (Microsoft Corporation)
R3 USBHUB3; C:\WINDOWS\System32\drivers\UsbHub3.sys [565152 2018-06-08] (Microsoft Corporation)
S3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2018-04-12] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2018-04-12] (Microsoft Corporation)
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [72192 2018-04-12] (Microsoft Corporation)
R3 USBSTOR; C:\WINDOWS\System32\drivers\USBSTOR.SYS [131488 2018-04-12] (Microsoft Corporation)
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2018-04-12] (Microsoft Corporation)
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [289696 2018-04-12] (Microsoft Corporation)
R3 USBXHCI; C:\WINDOWS\System32\drivers\USBXHCI.SYS [434592 2018-04-12] (Microsoft Corporation)
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [34816 2014-05-03] (Elaborate Bytes AG)
R0 vdrvroot; C:\WINDOWS\System32\drivers\vdrvroot.sys [56224 2018-04-12] (Microsoft Corporation)
S3 VerifierExt; C:\WINDOWS\System32\drivers\VerifierExt.sys [217496 2018-04-12] (Microsoft Corporation)
S3 vhdmp; C:\WINDOWS\System32\drivers\vhdmp.sys [705440 2018-06-08] (Microsoft Corporation)
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [35328 2018-04-12] (Microsoft Corporation)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-04-10] (Acronis International GmbH)
S0 vmbus; C:\WINDOWS\System32\drivers\vmbus.sys [114080 2018-04-12] (Microsoft Corporation)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2018-04-12] (Microsoft Corporation)
S3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2018-04-12] (Microsoft Corporation)
R0 volmgr; C:\WINDOWS\System32\drivers\volmgr.sys [83360 2018-04-12] (Microsoft Corporation)
R0 volmgrx; C:\WINDOWS\System32\drivers\volmgrx.sys [373144 2018-04-12] (Microsoft Corporation)
R0 volsnap; C:\WINDOWS\System32\drivers\volsnap.sys [398240 2018-04-12] (Microsoft Corporation)
R0 volume; C:\WINDOWS\System32\drivers\volume.sys [16288 2018-04-12] (Microsoft Corporation)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-04-10] (Acronis International GmbH)
S3 vpci; C:\WINDOWS\System32\drivers\vpci.sys [75168 2018-04-12] (Microsoft Corporation)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [166808 2018-04-12] (VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\WINDOWS\System32\drivers\vstxraid.sys [305560 2018-04-12] (VIA Corporation)
S3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2018-04-12] (Microsoft Corporation)
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [76288 2018-04-12] (Microsoft Corporation)
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2018-04-12] (Microsoft Corporation)
R2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81920 2018-04-12] (Microsoft Corporation)
S3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81920 2018-04-12] (Microsoft Corporation)
R2 wcifs; C:\WINDOWS\system32\drivers\wcifs.sys [151960 2018-04-12] (Microsoft Corporation)
S3 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [82944 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-30] (Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2017-12-17] (Western Digital Technologies, Inc.)
R0 Wdf01000; C:\WINDOWS\System32\drivers\Wdf01000.sys [924856 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-30] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [781824 2018-06-08] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [21408 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-30] (Microsoft Corporation)
R0 WFPLWFS; C:\WINDOWS\System32\drivers\wfplwfs.sys [164768 2018-06-08] (Microsoft Corporation)
S3 WIMMount; C:\WINDOWS\System32\drivers\wimmount.sys [35744 2018-04-12] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [72232 2018-04-12] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [18472 2018-04-12] (Microsoft Corporation)
S3 WinMad; C:\WINDOWS\System32\drivers\winmad.sys [32152 2018-04-12] (Mellanox)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [227840 2018-04-12] (Microsoft Corporation)
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [92672 2018-04-12] (Microsoft Corporation)
S3 WinVerbs; C:\WINDOWS\System32\drivers\winverbs.sys [64920 2018-04-12] (Mellanox)
S3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2018-04-12] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [209816 2018-04-12] (Microsoft Corporation)
R3 WpdUpFltr; C:\WINDOWS\System32\drivers\WpdUpFltr.sys [30112 2018-04-12] (Microsoft Corporation)
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23040 2018-04-12] (Microsoft Corporation)
R3 WSDPrintDevice; C:\WINDOWS\System32\drivers\WSDPrint.sys [23040 2018-04-12] (Microsoft Corporation)
R3 WSDScan; C:\WINDOWS\system32\DRIVERS\WSDScan.sys [25088 2018-04-12] (Microsoft Corporation)
S3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [125440 2018-04-12] (Microsoft Corporation)
R3 WUDFRd; C:\WINDOWS\System32\drivers\WudfRd.sys [264192 2018-04-12] (Microsoft Corporation)
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [264192 2018-04-12] (Microsoft Corporation)
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [292864 2018-04-12] (Microsoft Corporation)
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2018-04-12] (Microsoft Corporation)

crazycolin · 2018/06/13

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\1394ohci.sys 4B45A2D37CCE3CC0F161B7C7286081A6
C:\WINDOWS\System32\drivers\3ware.sys F5E5BA493B7C497F1F769942E2EA4CE2
C:\WINDOWS\System32\drivers\ACPI.sys CA51BB1B81F97E896E116C839B92D9D8
C:\WINDOWS\System32\drivers\AcpiDev.sys 75795E4B19BB3ED8D3C25A17CD15DC30
C:\WINDOWS\System32\Drivers\acpiex.sys DDA0FC1400A24988A7D3E746AEDF2C0F
C:\WINDOWS\System32\drivers\acpipagr.sys 1F2EC25DA23D1DF3ADA12FE5A26D321C
C:\WINDOWS\System32\drivers\acpipmi.sys 6AFFD57803BBB6FBCB483F983900A5C4
C:\WINDOWS\System32\drivers\acpitime.sys 0FC8673FAFC7D78C1CDC000F892CAC64
C:\WINDOWS\System32\drivers\ADP80XX.SYS A3D4CF2F3A433BE18CD4AD3E6665DC63
C:\WINDOWS\system32\drivers\afd.sys 4DCCC3E02A22ED4A4ADB11386F226071
C:\WINDOWS\system32\drivers\afunix.sys F267095A11A461BEF39FB180750BE801
C:\Windows\SysWOW64\drivers\afunix.sys 254921C0E1C35BBF22728BE95AD31950
C:\WINDOWS\System32\DRIVERS\ahcache.sys 0CD0F0C62414217DE9EA7EC8D425277E
C:\WINDOWS\System32\drivers\amdk8.sys 6DF48AD26E6285FB137F11328B64A376
C:\WINDOWS\System32\drivers\amdkmafd.sys B28145E732EDEBBEDABC311DBA56D52A
C:\WINDOWS\system32\DRIVERS\atikmdag.sys 70C81F7E07A227D298210DB81A3DAEE5
C:\WINDOWS\system32\DRIVERS\atikmpag.sys 10FE66EB53A9E19884350BC89FC1FE65
C:\WINDOWS\System32\drivers\amdppm.sys D8804032BCDE4077A6D8D431D12AC6CC
C:\WINDOWS\System32\drivers\amdsata.sys A88F5E24B65228FB25F2051B3408A0E4
C:\WINDOWS\System32\drivers\amdsbs.sys AECD39E51DABC2BF045B2857F02FA2BD
C:\WINDOWS\System32\drivers\amdxata.sys B4CC9943230CAEB05B46CC30C220E141
C:\WINDOWS\System32\drivers\appid.sys E4A18157BF5D8D714C05169A8A8D604C
C:\WINDOWS\System32\drivers\applockerfltr.sys 769316CA5884FBBD02D45C28FE105922
C:\WINDOWS\system32\drivers\AppvStrm.sys 5CD58F779237F533D5F30C294DA04C0E
C:\WINDOWS\system32\drivers\AppvVemgr.sys A4354E3EF779E4CDC6C9D705FFBD3652
C:\WINDOWS\system32\drivers\AppvVfs.sys 467021D15ED33D9B8CD313C7631A89B6
C:\WINDOWS\System32\drivers\arcsas.sys 013E057DF3D13A4462AD912D7732E7E0
C:\WINDOWS\System32\drivers\asyncmac.sys B25ACCD9BE5F5798E9DD8FFB04D7BE4C
C:\WINDOWS\System32\drivers\atapi.sys 90AB4ED8EBD72A1C096A40CC35404B91
C:\WINDOWS\system32\drivers\AtihdWT6.sys 76350B0D2EF7AE93CAEDE0C916ADFE1E
C:\WINDOWS\System32\drivers\bxvbda.sys F10E4C9444A9FC6DCBAB2C42F6999FA1
C:\WINDOWS\System32\drivers\bam.sys 982FAA5686F67BFEF3E6094705C2621F
C:\WINDOWS\System32\drivers\BasicDisplay.sys FA4973E379E872C61D0CF4E39F807833
C:\WINDOWS\System32\drivers\BasicRender.sys F024B80EA0076A318598DAB795F9C3D0
C:\WINDOWS\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7
C:\WINDOWS\System32\DRIVERS\BdAgent.sys 0B5DF12623BD11761C5880D9E6277875
C:\WINDOWS\System32\DRIVERS\BdNet.sys 4159D2340ED3B4DDD7A741ED501446DA
C:\WINDOWS\System32\DRIVERS\BdSentry.sys 54EF313B21A040CB9D95C1EE57F84E18
C:\WINDOWS\System32\DRIVERS\BdSpy.sys 674900289FA1061426B95CC83D31E406
C:\Windows\System32\Drivers\Beep.sys 9B068DF7B7B3DDF768D06DFD69B49FD0
C:\WINDOWS\system32\drivers\bindflt.sys BC1E5F20251E0AFDB955E7D91093B619
C:\WINDOWS\System32\DRIVERS\bowser.sys 00C33AC3096BB64BACD5554A55025F8F
C:\WINDOWS\System32\drivers\bthhfenum.sys 02FEC31842DD153D966AC227B6DDF8BB
C:\WINDOWS\System32\drivers\bthmodem.sys A0EC1D5C937995A2C5F1179538A8A6B4
C:\WINDOWS\System32\drivers\bttflt.sys E3786BEBB7E4003DE324A18069DDA081
C:\WINDOWS\System32\drivers\buttonconverter.sys 03C13BB635635B9152DBF49AA07B728C
C:\WINDOWS\System32\drivers\CAD.sys 9983FF8D9834F2E67787F4BDC42A8E36
C:\WINDOWS\System32\drivers\capimg.sys 407B33DE151A3DFCF564AC4270E44B1D
C:\WINDOWS\System32\DRIVERS\cdfs.sys D3CBC6DE5955D014407C7BD1FFE80F00
C:\WINDOWS\System32\drivers\cdrom.sys AD4D24434C058AFAFD5AB319B4BF5B66
C:\WINDOWS\System32\drivers\cht4sx64.sys 4A08B239F92B319AD31E3916D27AD4B9
C:\WINDOWS\System32\drivers\cht4vx64.sys C8EA9376E4D284F9DF24B27AC6E3AB85
C:\WINDOWS\System32\drivers\circlass.sys 3AA86DA04A561E8162C2DBBF92D12074
C:\WINDOWS\System32\drivers\cldflt.sys 5619FC2A3AE4F43D4B20D95472ED948E
C:\WINDOWS\System32\drivers\CLFS.sys DB26170CF6555B9AFF76CFA067ABCF90
C:\WINDOWS\System32\drivers\CmBatt.sys 66CBF6F8FE6F436B315D7FEAF5D2BB40
C:\WINDOWS\System32\Drivers\cng.sys 8C309A23F86F5B0E8E6B738754EE448F
C:\WINDOWS\System32\DRIVERS\cnghwassist.sys 037DCC7A71938729CB12E8174E03031C
C:\WINDOWS\System32\drivers\lvbflt64.sys 81F2B52C47B8AD32CC4FF967FC8D73DA
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys E40C99A3E0FFF49687F2187BF3E3050D
C:\WINDOWS\System32\drivers\condrv.sys 3799A9DFB162D9AAD6AC12CB8185FD19
C:\WINDOWS\System32\drivers\csc.sys 87463F1AE447874675F1CBB55CBF7136
C:\WINDOWS\System32\drivers\dam.sys 8711386E9B04357F8F58166760759F3A
C:\WINDOWS\System32\drivers\dcdbas64.sys E1617EC33B0B88FEC429BF6EB7B9FA52
C:\WINDOWS\System32\Drivers\dfsc.sys 9E74A900CCCA3EA6C8533CF94B3F8223
C:\WINDOWS\System32\drivers\ssudbus.sys 5F78930AAB3900102EA8ACDD38F97324
C:\WINDOWS\System32\drivers\disk.sys A79FCB89805FA9EA9F48B671A4591D4E
C:\WINDOWS\System32\drivers\dmvsc.sys F69D7A5D7EDEE16B85F08040836FB09C
C:\WINDOWS\System32\drivers\drmkaud.sys AD1BEFBF96C0273925EDC9282557D984
C:\WINDOWS\System32\drivers\dxgkrnl.sys E99FACCC3100E15B1520A67EDFF37231
C:\WINDOWS\system32\DRIVERS\e1c65x64.sys 40C02799EE2421B0BE402D972CDC49CA
C:\WINDOWS\System32\drivers\evbda.sys 75CA88887850A74DDAAAF92500B6D9B9
C:\WINDOWS\System32\drivers\EhStorClass.sys 7E838D857FC55535710C316441459C38
C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys 49023DD6F646B8C70AE1C105415F3E2B
C:\WINDOWS\System32\Drivers\ElbyCDIO.sys BDD265EEB37DF5953A547FE412E2472F
C:\WINDOWS\System32\drivers\errdev.sys 1DF19D7A941CB06F8EADF89FA0BF59AD
C:\Windows\System32\Drivers\exfat.sys B2858C386B99A68C3E3F0DFAB935C232
C:\Windows\System32\Drivers\fastfat.sys CE38CED74D85849BB2C9894DCA712615
C:\WINDOWS\System32\drivers\fdc.sys 6701B9973DE98578A491721B4BDE0926
C:\WINDOWS\System32\drivers\filecrypt.sys 9BC7FE262AF52B341048234809AA7D91
C:\WINDOWS\System32\drivers\fileinfo.sys A0AF205465482EE0FC6261782629566B
C:\WINDOWS\System32\drivers\filetrace.sys 01D83D284E6B37902DB3C4D4DB0649E0
C:\WINDOWS\System32\DRIVERS\file_protector.sys 9133FDDC24C8DD946C4E692844614E9E
C:\WINDOWS\System32\DRIVERS\file_tracker.sys A5BDB9D2E9502D6E3C98E4515AE6C8E8
C:\WINDOWS\System32\drivers\flpydisk.sys CE9CB1DB00B5007ABFFF0717E748E919
C:\WINDOWS\System32\drivers\fltmgr.sys C5374BA2CAE89DE7269EC61A969EF5D5
C:\WINDOWS\System32\DRIVERS\fltsrv.sys 1C55D52D031C12B3B44BF560F110B3BD
C:\WINDOWS\System32\drivers\FsDepends.sys 835F9C7193B6F9A796DE76897DC56968
C:\Windows\System32\Drivers\Fs_Rec.sys A01BA0506E07F316483E99D7AD9B6E75
C:\WINDOWS\System32\DRIVERS\fvevol.sys F00AA662A862BA1B5B0BB9FBDFAE2DFC
C:\WINDOWS\System32\drivers\vmgencounter.sys 71DBED7FB264DB60341BC796EC2E8135
C:\WINDOWS\System32\drivers\genericusbfn.sys EA5EE5EF9765A9157B346DF671952F18
C:\WINDOWS\System32\Drivers\msgpioclx.sys 6BE6550F1A32796A11EBC58BBC72C44D
C:\WINDOWS\System32\drivers\gpuenergydrv.sys 508614CAC7BF8AEE4FB9002A413919B1
C:\WINDOWS\System32\drivers\HdAudio.sys 99FB3BA9180CDD9E71A6DDCB07F91140
C:\WINDOWS\System32\drivers\HDAudBus.sys DED74127C7A2266715C0B8EA2EE75214
C:\WINDOWS\System32\drivers\HidBatt.sys 95888B85956AF97320D1F5C354632957
C:\WINDOWS\System32\drivers\hidbth.sys 33346BD26BB0AE4361DF1ED00D2876CF
C:\WINDOWS\System32\drivers\hidi2c.sys 6D767FEB02DF712F783BEEFF09E06431
C:\WINDOWS\System32\drivers\hidinterrupt.sys 542AB7A14235C5227A9307ACF1636F0B
C:\WINDOWS\System32\drivers\hidir.sys 1553DF41F4EE4F60B4BEEEC62264BE71
C:\WINDOWS\System32\drivers\hidusb.sys 6E3FB2047B8AE72E1B5F1C00A5F3E475
C:\WINDOWS\System32\drivers\hmatap.sys D8F8BB866A81A79D695EDC5CA467F784
C:\WINDOWS\System32\drivers\HpSAMD.sys 621B1FFB2E4E4745484EA01B013BF1D2
C:\WINDOWS\System32\drivers\HTTP.sys 744428491FA6BB37EC8070886C49CB12
C:\WINDOWS\System32\drivers\hvcrash.sys 9E1F3BA540DB9F4942A3F50A92E5754F
C:\WINDOWS\System32\drivers\hvservice.sys 621042C19113527CF8FA89F3454576BF
C:\WINDOWS\System32\Drivers\mshwnclx.sys B149905CD7451160B6BFA2191A3F6182
C:\WINDOWS\System32\drivers\hwpolicy.sys FE36689912DEC37D45B7A6C6414046FE
C:\WINDOWS\System32\drivers\hyperkbd.sys A1133368F47D514D73DD7FB4C4FD2B75
C:\WINDOWS\System32\drivers\HyperVideo.sys B68252C53556FFB52CCE18FF30FACA99
C:\WINDOWS\System32\drivers\i8042prt.sys DA179667B8CEC22E4ECBBF4210DC0E35
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAVC.sys 26405FA714257E449581DE5D6E6200E6
C:\WINDOWS\System32\drivers\iaStorV.sys 11AC0355FE52CC8813EE6864DE7531E4
C:\WINDOWS\System32\drivers\ibbus.sys 62CD9FA7394BCDF7784CCEFC9D00C9AA
C:\WINDOWS\System32\drivers\IndirectKmd.sys AA38C19A3D65E8228D822EB18037E19D
C:\WINDOWS\System32\drivers\intelide.sys F1B552F7ACDF6E3E4DDDB76118CAFDE3
C:\WINDOWS\System32\drivers\intelpep.sys E6CC7C1E7CEDC81D6B15BF2CF4C99109
C:\WINDOWS\System32\drivers\intelppm.sys 2CEF9DEB97B2CA327175EE8AD5F195A1
C:\WINDOWS\System32\drivers\iorate.sys 917931A6116F03DB3CA56CFCE8634667
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FB72A49FAD5C343C8C38948F92D87BBF
C:\WINDOWS\System32\drivers\IPMIDrv.sys 5C58142E0F1F8AA379748CC123BA7527
C:\WINDOWS\System32\drivers\ipnat.sys 7408B83959A4B8271EF67FD06A6B366B
C:\WINDOWS\System32\drivers\ipt.sys 7BEA2228C81FB6E1EADDD54D615B4C7E
C:\WINDOWS\system32\drivers\irda.sys 030AE3773151CFA728C67E38416FAD8D
C:\WINDOWS\System32\drivers\irenum.sys 79D02DC54AB4F85D2C13A728A0E36193
C:\WINDOWS\System32\drivers\isapnp.sys 38A6EC08D0067DECF7B5BA4C871B846C
C:\WINDOWS\System32\drivers\msiscsi.sys 5529131AAB75E07D9295B19E20C54DAE
C:\WINDOWS\System32\drivers\ItSas35i.sys C35FD802C800F3CBB4FD426D5A542A22
C:\WINDOWS\System32\drivers\kbdclass.sys 17F3B012B28F27E7B813A7B037A3D790
C:\WINDOWS\System32\drivers\kbdhid.sys 843B4BBD15DD0340C5C293CD419D4A76
C:\WINDOWS\System32\drivers\kdnic.sys 5BBB86F3F1700E0ACE1DF10F0EF7B227
C:\WINDOWS\System32\Drivers\ksecdd.sys D54931F61470509C2DEBF6B99F9C314F
C:\WINDOWS\System32\Drivers\ksecpkg.sys 5A90888D3D1B8E0C5DD0643C1FBBD53F
C:\WINDOWS\system32\drivers\ksthunk.sys 10F2EBC1F1C4549C355781715DE47B66
C:\WINDOWS\System32\drivers\lltdio.sys 3CF979AFF0196DF3DF5E54DFC049EB1F
C:\WINDOWS\System32\drivers\lsi_sas.sys 48380096385DB46E43D85CD92B9500DB
C:\WINDOWS\System32\drivers\lsi_sas2i.sys F708223E5829510DF0D5AF209D11C8B8
C:\WINDOWS\System32\drivers\lsi_sas3i.sys B91BCC8F670F128A4BB826ACF2C2B9D5
C:\WINDOWS\System32\drivers\lsi_sss.sys FA31CDF977CD31AF9AEAAA422966ACC1
C:\WINDOWS\system32\drivers\luafv.sys E86400D7B6E095E89CF63667D94D3F50
C:\WINDOWS\system32\DRIVERS\lvrs64.sys A0A527569856B9814E8920F52EBB67F5
C:\WINDOWS\System32\drivers\mausbhost.sys BD3D311802427608403C5E73A8D6137D
C:\WINDOWS\System32\drivers\mausbip.sys 61C2D9790943D8E3AD05AE35E4A313EF
C:\WINDOWS\System32\drivers\megasas.sys 61BCE12529E96E6F0335A2A8DEB83C61
C:\WINDOWS\System32\drivers\MegaSas2i.sys CA22763F12783A9C81C512ED747CECDD
C:\WINDOWS\System32\drivers\megasas35i.sys FDB06D857FC43D654547BBB31D039DB4
C:\WINDOWS\System32\drivers\megasr.sys 230361AF74DDB91705284E024A22DF4F
C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys 6D1671CB2E5402F01D2F13ECF764CAA1
C:\WINDOWS\System32\drivers\mlx4_bus.sys A8931C3820D5F392D89176E0628E766E
C:\WINDOWS\system32\drivers\mmcss.sys EB4D7C9354CB88DE4B085EA3EEA5BC76
C:\WINDOWS\System32\drivers\modem.sys CA25F2D78FDD0D36E3F3071B4B317BD4
C:\WINDOWS\System32\drivers\monitor.sys 13142B3B30F633F407D5256B2FFCCEF0
C:\WINDOWS\System32\drivers\mouclass.sys 66C9CCC6A100ACF7A4514BD3091CE566
C:\WINDOWS\System32\drivers\mouhid.sys 6BE61DAF4CDC0E13940096EAC4A9F490
C:\WINDOWS\System32\drivers\mountmgr.sys 2CFB54C638F75E39FBB22723401A8A56
C:\WINDOWS\System32\drivers\mpsdrv.sys 11B4962A359DCE5F80C4D5F9E492EE93
C:\WINDOWS\system32\drivers\mrxdav.sys C12373EC998C6F17C0FE2D6C3CBB9C04
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 3C0FA2ED75875481D00F3D77B1A3E336
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 42FE3D84EFE835443151DC2A50D05643
C:\WINDOWS\System32\drivers\bridge.sys F14DE177087F9E990EDE95ACE1F94662
C:\Windows\System32\Drivers\Msfs.sys 128E1D8C23F690DF1DD7AFDB214DB6ED
C:\WINDOWS\System32\drivers\msgpiowin32.sys 5A5ABA987943317300A4E55A5C5EB8C4
C:\WINDOWS\System32\drivers\mshidkmdf.sys D727DEA75E316C80793C7098225D3F56
C:\WINDOWS\System32\drivers\mshidumdf.sys E12A703CE10B068727499276340D5296
C:\WINDOWS\System32\drivers\msisadrv.sys 8E42D6B92CB4567467E29F58F2E31715
C:\WINDOWS\System32\drivers\MSKSSRV.sys 2F3B9A23F8DEE9C3AD58CB3D966D83DD
C:\WINDOWS\System32\drivers\mslldp.sys AECFFBE104D428E8A74BCABF5B3B9912
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 83364A92271339D8042C9DD5FD938A84
C:\WINDOWS\System32\drivers\MSPQM.sys AE5A4B89CDFF544B6481970BFD48A056
C:\Windows\System32\Drivers\MsRPC.sys 999433544A4136A9B879C98049821EE6
C:\WINDOWS\System32\drivers\mssecflt.sys 234715501CF129ECD718D70FDA074C57
C:\WINDOWS\System32\drivers\mssmbios.sys 4566CB65F176CE5CD8FCA487D2E3A64B
C:\WINDOWS\System32\drivers\MSTEE.sys 8A11E03B32840C0B73C14D16794F1A8A
C:\WINDOWS\System32\drivers\MTConfig.sys 794285C4F166B8108292E63FEA3C41E3
C:\WINDOWS\System32\Drivers\mup.sys EEB9D3E90B83546864211D63C1A0A74A
C:\WINDOWS\System32\drivers\mvumis.sys 69CECA6726FAD321F5643B16A1FF3934
C:\WINDOWS\System32\DRIVERS\nwifi.sys B66E5DDF484DE03D61B83118E45D5E11
C:\WINDOWS\System32\drivers\ndfltr.sys AB9EB3CADF4D415B598487397476A23A
C:\WINDOWS\System32\drivers\ndis.sys 5269DDC879DF5FEA2B7DB91AA4726CCA
C:\WINDOWS\System32\drivers\ndiscap.sys AF73B18F3096B165A6F4417C5ED36B01
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 1A9B1F5B8B131CE461A01C9424E149D7
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 4C8BBD7EE829CE9BFB8E21134AC477E0
C:\WINDOWS\System32\drivers\ndisuio.sys 76DB7B344F90A29A16CB6B7C67B87CF6
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys A76D79B71300EB3FEDD3D12D4C6F1D76
C:\WINDOWS\System32\drivers\ndiswan.sys DA9896F6ED9EAFDAC19177ADF99DD932
C:\WINDOWS\System32\DRIVERS\ndiswan.sys DA9896F6ED9EAFDAC19177ADF99DD932
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 934E4A5CFD9CB891CD338052FA3467C6
C:\WINDOWS\System32\drivers\Ndu.sys 0E3B0F3645D1BAE79397C66FE8AF6402
C:\WINDOWS\System32\drivers\NetAdapterCx.sys A704515CF3038668E9E2CA66E31A0700
C:\WINDOWS\System32\drivers\netbios.sys DD09E3115DF2CDB36FED21E67149EB91
C:\WINDOWS\System32\DRIVERS\netbt.sys 045A018E0BA5F9B75C5928A31C0E822C
C:\WINDOWS\System32\drivers\netvsc.sys DA8548D75434CE421BF921BAAC0916D9
C:\Windows\System32\Drivers\Npfs.sys 7190932DB00BE83B57C01B5EAC4D746B
C:\WINDOWS\System32\drivers\npsvctrig.sys 218DB396170D77BB94F69B526CC51B8F
C:\WINDOWS\System32\drivers\nsiproxy.sys A4952889D7C5804F17ABB9F454A371C2
C:\Windows\System32\Drivers\Ntfs.sys 60B42947B51D1C6D2DD7250295DF4161
C:\Windows\System32\Drivers\Null.sys C029E5408EEE26C3B4E5BA5D29738DB8
C:\WINDOWS\System32\drivers\nvdimm.sys 189E5FCB96ABFEA84239A16062256EE4
C:\WINDOWS\System32\drivers\nvraid.sys 1F50ED95984009BF3634D6BD1A16FA5B
C:\WINDOWS\System32\drivers\nvstor.sys D6C14906B78F235461EEF96A886830D4
C:\WINDOWS\system32\DRIVERS\pangpd.sys DA9F8AB4DB719426FAD2119C3CF6C4A3
C:\WINDOWS\System32\drivers\parport.sys 13B175715A4391E4E5D2AB2EBC8CDBB5
C:\WINDOWS\System32\drivers\partmgr.sys 428B9FAFB0EE6EF66EAAB7B49A96487A
C:\WINDOWS\System32\drivers\pci.sys 7B6C0AFE5029A791F23B03EB13194797
C:\WINDOWS\System32\drivers\pciide.sys C447CDA030A3415711E4E940D2E9B399
C:\WINDOWS\System32\drivers\pcmcia.sys 753174DF234EA8BBF732986D5F78FCE7
C:\WINDOWS\System32\drivers\pcw.sys 1D05B6DE437515281CD91A16C16529E6
C:\WINDOWS\System32\drivers\pdc.sys F5F1A092463D6E46E71CC709A65403D1
C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys 8570C04D9DBFDDD2CCF655DEB4D84715
C:\WINDOWS\System32\drivers\peauth.sys 42B12A76D3C98AE69C97727E3BEC7D8A
C:\WINDOWS\System32\drivers\percsas2i.sys CD9BA1C279BE0E92E971C2B45A7F3D9B
C:\WINDOWS\System32\drivers\percsas3i.sys 6D5EA79E82A48B181E18C2C39416E8C8
C:\WINDOWS\System32\drivers\pmem.sys E8BE4041A69023B6A4D1096EE8436347
C:\WINDOWS\System32\drivers\pnpmem.sys 99ECEDA6B2E1FDB6892FBD5AED1E5D99
C:\WINDOWS\System32\drivers\raspptp.sys 1FB09FD846D5030B82EB345E9970A105
C:\WINDOWS\System32\drivers\processr.sys E0E55CDA29C80A9520FCFC78D7F8A73D
C:\WINDOWS\System32\drivers\pacer.sys E4BF8BE7B3711BCBBC95EE983C0236F4
C:\WINDOWS\system32\drivers\qwavedrv.sys 00F72861538B6C4E925A21BAE397A49D
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 0FFABEB2D06CD74DDE0BCA510EEAEEBC
C:\WINDOWS\System32\DRIVERS\rasacd.sys B834761352403111D0113284D8736025
C:\WINDOWS\System32\drivers\AgileVpn.sys FA99CE309B66586A0AA6EF9CFF7BC467
C:\WINDOWS\System32\drivers\rasl2tp.sys 775ED7E51B58CF9EB415A1DBA540DACF
C:\WINDOWS\System32\DRIVERS\raspppoe.sys E2433A620ABF4083157944E4692C500D
C:\WINDOWS\System32\drivers\rassstp.sys EE5D1D51FA74ECCE57CF2DB8F6A417D8
C:\WINDOWS\system32\drivers\rawdsk3.sys 11A199CE5EF5BCC314946F54ED2D823B
C:\WINDOWS\System32\DRIVERS\rdbss.sys FFE99C3066FCBC23AA957BD23EC39839
C:\WINDOWS\System32\drivers\rdpbus.sys 206AB796793FDBD518B82E2F308A7176
C:\WINDOWS\System32\drivers\rdpdr.sys 52A6CC99F5934CFAE88353C47B6193E7
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 0600DF60EF88FD10663EC84709E5E245
C:\WINDOWS\System32\drivers\rdyboost.sys 65652EFAAF4A8A59E60A2D7BE15317E8
C:\Windows\System32\Drivers\ReFS.sys FA757EB9DEFEDB2F13FE2FC99834C58B
C:\Windows\System32\Drivers\ReFSv1.sys 9779FAC96B0337F257CA843FD2ADFBFF
C:\WINDOWS\System32\drivers\rhproxy.sys 3D4F4CCE0364CD3F1B539D2630686F24
C:\WINDOWS\System32\drivers\rspndr.sys FFFB16EF6E0B8B5F7F19B425923E7D12
C:\WINDOWS\System32\drivers\vms3cap.sys A2939E69027B97105014434BFBFF7195
C:\WINDOWS\System32\drivers\sbp2port.sys 04C51BBD8C9F54E5F2C5D831B03B11E3
C:\WINDOWS\System32\DRIVERS\scfilter.sys 0070C2DC6563C48EDA63A282748F3FCD
C:\WINDOWS\System32\drivers\scmbus.sys 6538E939E55B589AA4F5BC22D35A6B36
C:\WINDOWS\System32\drivers\sdbus.sys 495273177E87B0C34D7E431E9254FA23
C:\WINDOWS\System32\drivers\SDFRd.sys 9EF09DE84CE20B787C02395394AC2A7E
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys 180AEDFCAAE40326F30F5CCF149B80B8
C:\WINDOWS\System32\drivers\sdstor.sys F80D6C03FEA2F7DEE14023B7229DA8C2
C:\WINDOWS\System32\drivers\SerCx.sys C5CF2941AA9E417B3A224601255C002E
C:\WINDOWS\System32\drivers\SerCx2.sys B9C113BD9FCA4F3E23F03708A7DA07CC
C:\WINDOWS\System32\drivers\serenum.sys 1845736FA47A1DFBBB642FE21095B4E0
C:\WINDOWS\System32\drivers\serial.sys F1BABF50469041797ED9928C31318832
C:\WINDOWS\System32\drivers\sermouse.sys 340116988930B07629A2D0C2B380A365
C:\WINDOWS\System32\drivers\sfloppy.sys 77FF0A5BA023D8E8C82EACCD54EA5C78
C:\WINDOWS\System32\drivers\SgrmAgent.sys 1941F5CA54C469E16957587FD56ED842
C:\WINDOWS\System32\drivers\SiSRaid2.sys 1443CF919C2A3207CE7724E0A31686A2
C:\WINDOWS\System32\drivers\sisraid4.sys C0B1EAD6CC127CAE4E84EBF54105B3B8
C:\WINDOWS\System32\DRIVERS\smbdirect.sys 7DDE76ABF8C7E92252343340FFC9C0D8
C:\WINDOWS\System32\DRIVERS\snapman.sys FD89C51FF022F6244B9BB650AEF00D18
C:\WINDOWS\System32\drivers\spaceport.sys 3F11BAB1C9963BFD648A80C0BE71AAAC
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys FE1776E587227120DC04EAEC45473245
C:\WINDOWS\System32\drivers\SpbCx.sys D05EB2BB52EC6B665D1631EC33241B80
C:\WINDOWS\System32\DRIVERS\srv2.sys 3EB4023AC700182D84CB6761D3727394
C:\WINDOWS\System32\DRIVERS\srvnet.sys 71E9A27EE90D45174AECE1F37BAC6EAA
C:\WINDOWS\System32\drivers\ssudqcfilter.sys 182AC1B3186952E7226153C9B9FBFE46
C:\WINDOWS\System32\drivers\ST7007.sys 9E7956263A2A7A421E727B9B144BFF1B
C:\WINDOWS\System32\drivers\stexstor.sys DA82903F26AE12034CC5229F61098948
C:\WINDOWS\system32\DRIVERS\serscan.sys 306FF12041780273C371794F4CBCB055
C:\WINDOWS\System32\drivers\storahci.sys F2D1983C7BEF5E3AB8978A7796C59A75
C:\WINDOWS\System32\drivers\vmstorfl.sys 76C9E2AA3400C22FC7091AD2F2999F95
C:\WINDOWS\System32\drivers\stornvme.sys 701078F20919BD635EA25F691880F651
C:\WINDOWS\System32\drivers\storqosflt.sys 47CE4211A40C2C023A8138E18757F3D2
C:\WINDOWS\System32\drivers\storufs.sys 99DE14B208B6F3EE07E8B7FB16940D50
C:\WINDOWS\System32\drivers\storvsc.sys 1FC7B7BE58A29DF27F5E6F6C2F061FA3
C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys 54255DF324C621A97220EBFA832237D2
C:\WINDOWS\System32\drivers\Synth3dVsc.sys A2A42A570524C975259E3B81C4D80DCA
C:\WINDOWS\System32\drivers\tcpip.sys BFCBA5F57D278720718B8CB39C50A8EC
C:\WINDOWS\System32\drivers\tcpip.sys BFCBA5F57D278720718B8CB39C50A8EC
C:\WINDOWS\System32\drivers\tcpipreg.sys 085F8A5F09E64CC27309AF160EF4F9BA
C:\WINDOWS\system32\DRIVERS\tdx.sys 16071C42E21CE3378FA449322FB9AB1D
C:\WINDOWS\System32\drivers\terminpt.sys B2C4D7CB291293CAC636748E695D111E
C:\WINDOWS\System32\DRIVERS\tib.sys 0CF805DC042A1AA2BA4080760E226B3B
C:\WINDOWS\system32\DRIVERS\tib_mounter.sys 71ABFB9851DCB1DAE76D6E185C245D8A
C:\WINDOWS\system32\DRIVERS\tnd.sys BA5B8FEE11BFE58FDB7D935B3F8203AE
C:\WINDOWS\System32\drivers\tpm.sys BF705C64C1522646BF00E72393DC5D6F
C:\WINDOWS\System32\DRIVERS\Trufos.sys B9E5E3CFD096A5D60F2F7061A6FBB67B
C:\WINDOWS\System32\drivers\tsusbflt.sys 0D721F40C179EC5737C15E551F22C69B
C:\WINDOWS\System32\drivers\TsUsbGD.sys DE1296871208D1F13B7AC57C4B1FA46C
C:\WINDOWS\System32\drivers\tsusbhub.sys 3A84A09CBC42148A0C7D00B3E82517F1
C:\WINDOWS\System32\drivers\tunnel.sys BC938ABBF586272BD4063CA51F09149F
C:\WINDOWS\System32\drivers\uaspstor.sys BDFACE024EFF2398214797143AD76C87
C:\WINDOWS\System32\Drivers\UcmCx.sys 00C4396DE1CD3502884BB2E2B6D6861C
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys ED9CBD1541C8AFDAA9B8255A384E2B53
C:\WINDOWS\System32\drivers\UcmUcsi.sys F58F1BC6A6972437CE18516F8ACCEB9F
C:\WINDOWS\System32\drivers\ucx01000.sys EE62D07172014C8BBE7C80A3AAF56E8F
C:\WINDOWS\System32\drivers\udecx.sys 12E2B6B642360E66396502B62B048694
C:\WINDOWS\System32\DRIVERS\udfs.sys 6A442723D4D05D9F15D24C9942CDA00D
C:\WINDOWS\System32\drivers\UEFI.sys D30AF38971B6670C222250AC2CBB6227
C:\WINDOWS\system32\drivers\UevAgentDriver.sys AD58EA78772B8163CFDE9BF671B6F8F1
C:\WINDOWS\System32\drivers\ufx01000.sys 588B9212DEE84F5192C09A147AA5C316
C:\WINDOWS\System32\drivers\UfxChipidea.sys 78B5C069C9AA1463ACC833FD7E2A3BD5
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 533BF4F456A1C6E7581E8C0A4EC59300
C:\WINDOWS\System32\drivers\umbus.sys 360FEE6F687D98EFFE46A5433FE6182E
C:\WINDOWS\System32\drivers\umpass.sys F6F1A9D91F684AA02951B96EE8127DAE
C:\WINDOWS\System32\drivers\urschipidea.sys 49A5E1B43C59DC0E363AD9C2D7D10BE4
C:\WINDOWS\System32\drivers\urscx01000.sys 53F1DA2D92D1D8CE4BB9D33E58D7DF01
C:\WINDOWS\System32\drivers\urssynopsys.sys 09518A324B95BBC0B472BD5A472CB916
C:\WINDOWS\system32\drivers\usbaudio.sys C7AD46F101A681B0F4D7F15534A5FF04
C:\WINDOWS\System32\drivers\usbccgp.sys B7211393225AB05324C52BA47B31FEB4
C:\WINDOWS\System32\drivers\usbcir.sys 250D21958EE5F45CD13FE6BE3788EE70
C:\WINDOWS\System32\drivers\usbehci.sys 4269DE1EB8029D55B3BB3A8A330FCF90
C:\WINDOWS\System32\drivers\usbhub.sys D67AABAE0C9EBAC9BBA2E20E0AF52EF1
C:\WINDOWS\System32\drivers\UsbHub3.sys D1F6348F41DFCE25AA918E38F02E80FD
C:\WINDOWS\System32\drivers\usbohci.sys A547E7B1B3FB2228259AA85AC7E82698
C:\WINDOWS\System32\drivers\usbprint.sys 692C0BA4109C8F78392A299369F51129
C:\WINDOWS\System32\drivers\usbser.sys 45A9E57185B79420EFEA5A4AED655809
C:\WINDOWS\System32\drivers\USBSTOR.SYS CEF7527514EC49EBE0C760D784643EF0
C:\WINDOWS\System32\drivers\usbuhci.sys A4124036C4FD2B94C6157C4588EEB4E3
C:\WINDOWS\System32\Drivers\usbvideo.sys 9431F7E997A8750139517709B04D8629
C:\WINDOWS\System32\drivers\USBXHCI.SYS 9F4CCFCD4B4C6008C940510E43D54AEC
C:\WINDOWS\System32\drivers\VClone.sys F257A2737280F0076EAE3AB489C06474
C:\WINDOWS\System32\drivers\vdrvroot.sys 8DCB7E5A9497C030484E5AD9E541B85C
C:\WINDOWS\System32\drivers\VerifierExt.sys 5C25C1A89650C95D15F7988D71487B08
C:\WINDOWS\System32\drivers\vhdmp.sys E8E5F722A699EF037891D735CB588F8D
C:\WINDOWS\System32\drivers\vhf.sys 209A34F4BE17B0A56328C86F8CCC5577
C:\WINDOWS\System32\DRIVERS\virtual_file.sys 570F45AF425D5FAA74047251AD9AE661
C:\WINDOWS\System32\drivers\vmbus.sys 44F4ED5D8FC0CFA7C3755D44C575D994
C:\WINDOWS\System32\drivers\VMBusHID.sys E2D57FB1A62F0BB7F70570806A09CE2B
C:\WINDOWS\System32\drivers\vmgid.sys C9F69EBA06A703CE726CC6FC0AEFB5E9
C:\WINDOWS\System32\drivers\volmgr.sys 229CD4485458C9D11E35E1F00F21857D
C:\WINDOWS\System32\drivers\volmgrx.sys 1514506CA7462A64DC38C48108DDBB45
C:\WINDOWS\System32\drivers\volsnap.sys F0EE4E6028CCA58BEA9A04E7BEAB7DB4
C:\WINDOWS\System32\drivers\volume.sys 77FD1607F2C371ABD241EC7699C58884
C:\WINDOWS\System32\DRIVERS\volume_tracker.sys 617328BA1BA72C3A3BF05F67BE5EFB8D
C:\WINDOWS\System32\drivers\vpci.sys CB90DACF9194DD9D60A2C1DBFBC1E0D1
C:\WINDOWS\System32\drivers\vsmraid.sys ED0B3436E1DE601C6C8EB86789AC8BAB
C:\WINDOWS\System32\drivers\vstxraid.sys 3D706FBED35DF3B17809C6714F31F9B0
C:\WINDOWS\System32\drivers\vwifibus.sys 0B11DBB8173AD374D67893D54EBEE9F3
C:\WINDOWS\System32\drivers\vwififlt.sys 95540F74893235C189409C98643D7A77
C:\WINDOWS\System32\drivers\wacompen.sys 87A01F65BD16C9FCCDD1B65F56CB93B0
C:\WINDOWS\System32\DRIVERS\wanarp.sys 85E187443F68F285DB78BD2279AE3701
C:\WINDOWS\System32\DRIVERS\wanarp.sys 85E187443F68F285DB78BD2279AE3701
C:\WINDOWS\system32\drivers\wcifs.sys 8A304D6CDC067922448CBA1EBB9FFCA8
C:\WINDOWS\system32\drivers\wcnfs.sys FCA1B5465213EF4DE373A1F7E76D260E
C:\WINDOWS\System32\drivers\wd\WdBoot.sys 042ABE47A7BA6722AA5B61E267B28DFC
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 152926023B401D1F5F8852929572F5C3
C:\WINDOWS\System32\drivers\wd\WdFilter.sys C8C75E56CDDBCDF597055343B641C910
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 5DDA2C4B9AAED51E73DD6D580406F07A
C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys EAF4FB729E94561EE31BDE5BEF869C65
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys 318AE771614EE4919ED68830C13EA2AE
C:\WINDOWS\System32\drivers\wfplwfs.sys EB0B154F12F78DE232F38EF61BCDEEA2
C:\WINDOWS\System32\drivers\wimmount.sys 3AE28A996C9EB8A6F2AC12BC55035126
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys EC7C1A7397988EFAF37BF685CA25525D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 5F0EDDA201630E132C2251BC9DA85023
C:\WINDOWS\System32\drivers\winmad.sys 762D8D839C44C5A0BE0449AA84034522
C:\WINDOWS\System32\drivers\winnat.sys 48194110C410B335AC985D9194275A1C
C:\WINDOWS\System32\drivers\WinUSB.SYS 6FA3D810FE082001B16ADE19829F1E8E
C:\WINDOWS\System32\drivers\winverbs.sys D2D6DB37E06608A5AF5B68D8E677B219
C:\WINDOWS\System32\drivers\wmiacpi.sys EAEF2A087812BB7110C744446AB731D5
C:\Windows\System32\Drivers\Wof.sys E122AD60BF4D7E4B28CCBABF33B28C1F
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 15C1131EA0216F799C86B03EDAE0BE45
C:\WINDOWS\system32\drivers\ws2ifsl.sys C1C2E769FCD3B00A59FF876FB2AD4336
C:\WINDOWS\System32\drivers\WSDPrint.sys A3317B8C6765C18F3BD9FE9DD352B05D
C:\WINDOWS\system32\DRIVERS\WSDScan.sys 3C15A5AC47B1CA4D9A9F8680E224996F
C:\WINDOWS\System32\drivers\WudfPf.sys 813DC18CC654CFB1875074139B0FEFD3
C:\WINDOWS\System32\drivers\WudfRd.sys FB64BAD6DEDB27EA39B03685AC0A8EB4
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys FB64BAD6DEDB27EA39B03685AC0A8EB4
C:\WINDOWS\System32\drivers\xboxgip.sys 0AA38B54EB292CB3EB13FFF948473DBA
C:\WINDOWS\System32\drivers\xinputhid.sys CE1F78B5C1F14F74242008B2B3153FA2

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

crazycolin · 2018/06/13

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {24afb990-e32a-11e7-9f07-b03b460fc059}
{24afb98f-e32a-11e7-9f07-b03b460fc059}
{24afb98e-e32a-11e7-9f07-b03b460fc059}
{24afb993-e32a-11e7-9f07-b03b460fc059}
{24afb991-e32a-11e7-9f07-b03b460fc059}
{bootmgr}
{7c370703-e32b-11e7-9bc1-806e6f6e6963}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-GB
inherit {globalsettings}
default {current}
resumeobject {ee954bfb-039d-11e8-8e97-9e3531fd96e5}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {24afb98e-e32a-11e7-9f07-b03b460fc059}
description Diskette Drive

Firmware Application (101fffff)
-------------------------------
identifier {24afb98f-e32a-11e7-9f07-b03b460fc059}
description Onboard NIC

Firmware Application (101fffff)
-------------------------------
identifier {24afb990-e32a-11e7-9f07-b03b460fc059}
description CD/DVD/CD-RW Drive

Firmware Application (101fffff)
-------------------------------
identifier {24afb991-e32a-11e7-9f07-b03b460fc059}
description USB Storage Device

Firmware Application (101fffff)
-------------------------------
identifier {24afb993-e32a-11e7-9f07-b03b460fc059}
description (Bus 02 Dev 00)PCI RAID Adapter

Firmware Application (101fffff)
-------------------------------
identifier {7c370703-e32b-11e7-9bc1-806e6f6e6963}
device partition=\Device\HarddiskVolume3
description UEFI: SCSI Hard Drive

Windows Boot Loader
-------------------
identifier {e37b171e-5842-11e8-910f-e8b0e8a24ab1}
device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e37b171f-5842-11e8-910f-e8b0e8a24ab1}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-GB
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{e37b171f-5842-11e8-910f-e8b0e8a24ab1}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-GB
inherit {bootloadersettings}
recoverysequence {e37b171e-5842-11e8-910f-e8b0e8a24ab1}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {ee954bfb-039d-11e8-8e97-9e3531fd96e5}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {ee954bfb-039d-11e8-8e97-9e3531fd96e5}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-GB
inherit {resumeloadersettings}
recoverysequence {e37b171e-5842-11e8-910f-e8b0e8a24ab1}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-GB
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {e37b171f-5842-11e8-910f-e8b0e8a24ab1}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume2
ramdisksdipath \Recovery\WindowsRE\boot.sdi

LastRegBack: 2018-05-15 14:21

==================== End of FRST.txt ============================

crazycolin · 2018/06/13

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by crazy (14-06-2018 04:09:04)
Running from C:\Users\crazy\Downloads
Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-15 13:29:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3035246220-1795647210-3486064107-500 - Administrator - Disabled)
crazy (S-1-5-21-3035246220-1795647210-3486064107-1001 - Administrator - Enabled) => C:\Users\crazy
DefaultAccount (S-1-5-21-3035246220-1795647210-3486064107-503 - Limited - Disabled)
Guest (S-1-5-21-3035246220-1795647210-3486064107-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3035246220-1795647210-3486064107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {13E9CAA5-762A-794E-2DA9-245D5622A105}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: BullGuard Antispyware (Enabled - Up to date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall (Enabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Acronis True Image (HKLM-x32\...\{A9815535-66D1-4031-8845-0DF6DAB5B453}) (Version: 22.5.11530 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{A9815535-66D1-4031-8845-0DF6DAB5B453}Visible) (Version: 22.5.11530 - Acronis)
Acronis Universal Restore Bootable Media Builder (HKLM-x32\...\{D120EC0E-61A7-48BD-9917-7B0715D20F01}) (Version: 11.5.40058 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\Amazon Amazon Music) (Version: 6.6.1.1350 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5046BE8A-72FD-1EE9-5114-539B7BDEF9BE}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 18.1 - BullGuard Ltd.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.0 - Canon Inc.)
Cisco VideoGuard Player (HKLM-x32\...\{0d415397-2ac8-4273-afde-e6c887ffc827}) (Version: 9.0.1.4396 - Cisco Systems, Inc)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
GlobalProtect (HKLM\...\{51FEFA7F-12E3-45BA-8667-B6FAB36A6924}) (Version: 4.0.2 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
Grammarly (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\GrammarlyForWindows) (Version: 1.5.36 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{A7DFB089-B91A-4EF4-AB8D-66FB66E5114F}) (Version: 6.6.133 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\{c82ddcda-ec3f-45d9-a5e7-7628b4459848}) (Version: 6.6.133 - Grammarly)
HMA! Pro VPN (HKLM\...\{60A560F2-CB75-4C94-9C36-39AD2161DE73}_is1) (Version: 3.7.87 - Privax)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 7740 series Basic Device Software (HKLM\...\{F1FD1844-666E-4968-B873-3B92897D51C1}) (Version: 40.12.1161.1896 - HP Inc.)
HP OfficeJet Pro 7740 series Help (HKLM-x32\...\{7217DB76-9244-47AB-9541-C6BE8EE2209B}) (Version: 39.0.0 - HP)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photo Creations (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.9.18.3 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{EA44188A-5042-4CFB-8F8D-AF048872B7A7}) (Version: 12.7.5.9 - Apple Inc.)
LibreOffice 6.0.4.2 (HKLM\...\{CBC4E8DF-CCBD-4260-A6A5-B682BA706DC4}) (Version: 6.0.4.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Maple 2016 (HKLM\...\Maple 2016) (Version: 2016 - Maplesoft)
MapleSim 2016 (HKLM\...\MapleSim 2016) (Version: 2016 - Maplesoft)
Microsoft InfoPath 2013 (HKLM\...\Office15.InfoPathr) (Version: 15.0.4753.1001 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\dacae1bed46e81d5) (Version: 16.0.2250.6 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager 9 (HKLM-x32\...\{483AEC7E-EA54-4433-B2BF-D75C33D2A488}) (Version: 9.2.504 - Mindjet)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Origin 2017 SR2 (HKLM-x32\...\{AF3ADEE1-29D0-4FE5-9934-711D28EE94E9}) (Version: 9.40.00 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4753.1001 - Microsoft Corporation) Hidden
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
PerkinElmer ChemDraw Professional 16.0 (HKLM-x32\...\{8A0B423C-0C04-4B45-8456-ABCE29A0E831}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemOffice 64-bit Support 16.0 (HKLM\...\{BCE6E6EC-0D89-4BA9-AF5B-272D8F057411}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemScript 16.0 (HKLM-x32\...\{6D9CF922-C5B2-4E47-9097-26FC925CE9C5}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
Product Improvement Study for HP OfficeJet Pro 7740 series (HKLM\...\{129F87F7-02AA-4301-9E00-860E58C12B67}) (Version: 40.12.1161.1896 - HP Inc.)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Python 3.2 pywin32-217 (HKLM-x32\...\pywin32-py3.2) (Version: - )
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
Readiris Pro 14 (HKLM-x32\...\{038CE681-B496-4ACA-90A7-BE78EF30A076}) (Version: 14.00.10803 - I.R.I.S.)
Sky Go 1.0.19.0 (HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.0.19.0 - Sky)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.1.43 - iolo technologies, LLC)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Turtle Beach (HKLM-x32\...\{E419774F-EF17-46FD-BC6E-A3D3EE0251FC}) (Version: 7.4.2.0 - Turtle Beach)
Turtle Beach Drivers (HKLM\...\{8B919EFB-9572-4560-8379-8C6935FAD3F3}) (Version: 8.1.0.11 - Turtle Beach)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.InfoPathr_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Wolfram Mathematica 11.3 (M-WIN-L 11.3.0 5944644) (HKLM\...\M-WIN-L 11.3.0 5944644_is1) (Version: 11.3.0 - Wolfram Research, Inc.)
WolframScript (A-WIN32-WolframScript 11.3.0 2018030401) (HKLM-x32\...\{F8D88AF3-43F1-4818-B6DB-0D38F8E42833}) (Version: 11.3.49 - Wolfram Research, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\crazy\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.6.133\3ECC5AC4B0\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\crazy\AppData\Local\GoToMeeting\8569\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] ()
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] ()
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] ()
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-12-22] ()
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-06-04] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-06-04] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2018-06-04] (BullGuard Ltd.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-02-21] (iolo technologies, LLC)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2017-01-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [bgshellext] -> {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E} => C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [2018-06-04] (BullGuard Ltd.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)

crazycolin · 2018/06/13

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02ADA5D9-E34F-4D0C-B8F9-35D89A78C90C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {048C8EBD-1320-48CD-BF70-6FBC8E77DD95} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {09AE65BB-CC01-484D-9B25-0D305D9D15F0} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\Phoenix360\System Mechanic\ioloSSTray.exe [2018-02-21] (iolo technologies, LLC)
Task: {0AB7EDCF-F9C9-4389-88A0-04BDAD2BDAC8} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe [2018-02-21] (iolo technologies, LLC)
Task: {0CBE0990-2843-42AA-B839-7AA6DCDD7981} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3035246220-1795647210-3486064107-1001
Task: {0F561727-254E-4C20-8C8D-83F249C78FB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {0FE8D249-D1A8-4746-BB96-4796CD6815AA} - System32\Tasks\HMA! Pro VPN Update => C:\Program Files (x86)\HMA! Pro VPN\VpnUpdate.exe [2018-05-18] (Privax Limited)
Task: {131B42C7-9CFE-44B7-ACD3-11D84E7E376A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {20AC4234-EFAF-4BCF-B44E-37B84BE5E0FC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-30] (Microsoft Corporation)
Task: {238CB803-65D2-49D6-A7FB-71D48BCD0E15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {25B5F37A-E8C6-480C-B016-EA10AE938081} - System32\Tasks\G2MUploadTask-S-1-5-21-3035246220-1795647210-3486064107-1001 => C:\Users\crazy\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-10] (LogMeIn, Inc.)
Task: {32A3DCC1-0B82-404B-8DD9-670F2EDC2385} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-08-19] (Microsoft Corporation)
Task: {33B89D2B-8117-4B68-BF44-A4388D8D3F1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {36645DF0-2C34-42FA-9453-DACB6A1A814E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {3BA12802-A3CF-496C-BE19-70C28800222B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {404E7ACE-A945-475E-B649-9980E652D090} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {40A6A0DD-B65A-4F6F-B721-B7CBBBE5C5C0} - System32\Tasks\HPCeeScheduleForcrazy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {43400089-2A78-4A5F-AC66-475FFDCE6C63} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {59C8D6E6-0BB7-420A-B89E-35FE1CCA75CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-27] (Google Inc.)
Task: {60014318-FC14-4C03-88B7-D49B09F19D4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {61EA3CDB-CE2D-4269-B0B6-0C8D429E8CF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {654EB266-2F35-4304-A05F-F7D8BF47CCD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {675A3699-1438-452B-A112-D10D4189ECD7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {67B29416-41C2-4081-A3D4-87FA98F7FE8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-27] (Google Inc.)
Task: {77EF26F0-DDE4-47A4-8E4A-6F123D50D964} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-21] (iolo technologies, LLC)
Task: {8601E209-908C-4209-849F-5DC1EEE391B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-10] (Adobe Systems Incorporated)
Task: {8926CAB6-38F6-47A0-841B-F3EF0A7B083A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-05-30] (Microsoft Corporation)
Task: {89A4D2F4-1BF7-44ED-AFC5-96C18B86BF68} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {89BBCB28-EDCB-4082-9A16-5EEBF3A7B52D} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\Phoenix360\System Mechanic\SSDefs.exe [2018-02-21] (iolo technologies, LLC)
Task: {948835AC-D386-484C-B4F2-535F0458D624} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2015-08-19] (Microsoft Corporation)
Task: {A80DF52F-49C7-4E85-B6ED-94C782251AB0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {AD54B791-F88A-4996-B9B1-CB755EA198BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {B429E364-D449-4DEC-87E9-A3057CBF417D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {B7B11D00-E6C9-418E-AD05-3A643E463542} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2015-08-19] (Microsoft Corporation)
Task: {BD727CCB-BEFB-45C5-BF42-95510E849E09} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-30] (Microsoft Corporation)
Task: {CB9B70C6-5E84-4B70-BD74-565B15B71419} - System32\Tasks\G2MUpdateTask-S-1-5-21-3035246220-1795647210-3486064107-1001 => C:\Users\crazy\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-10] (LogMeIn, Inc.)
Task: {CC7953E2-F887-4751-9939-88B6EA999309} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 7740 series => C:\Program Files\HP\HP OfficeJet Pro 7740 series\Bin\HPCustPartic.exe [2018-04-06] (HP Inc.)
Task: {D3A00E0A-B8A0-427B-B9F8-051DB59E0487} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-21] (iolo technologies, LLC)
Task: {D41F20FC-87BE-4ABB-A9C1-876D3D702A95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D44984B0-FF1D-4EB1-9AF3-334C803A343C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\crazy\AppData\Roaming\HP Photo Creations\Communicator.exe [2018-01-27] ()
Task: {D8DB87C3-F0D0-4073-A8BA-4B0980B3D539} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E9A2570F-92E9-45BC-B755-5FBF232B9981} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {EA792D35-58F9-46B9-B946-3112F492438F} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2018-06-04] (BullGuard Ltd.)
Task: {EFED177C-690C-4FEC-A91B-0A8985FCC3BC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-05-30] (Microsoft Corporation)
Task: {F35D8454-4E9D-4CB7-A08F-69D79C160E49} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\Phoenix360\System Mechanic\iologovernor64.exe [2018-02-21] (iolo technologies, LLC)
Task: {F4A97D54-7A78-483C-9ABD-0CAA628FD167} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-21] (iolo technologies, LLC)
Task: {F6821634-DBA8-4198-8C92-64745C1EF854} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {F893915F-53FA-4DDE-B797-84EEB7D9DFB2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3035246220-1795647210-3486064107-1001.job => C:\Users\crazy\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3035246220-1795647210-3486064107-1001.job => C:\Users\crazy\AppData\Local\GoToMeeting\8953\g2mupload.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\crazy\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForcrazy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-06-04 17:34 - 2018-06-04 17:34 - 000744296 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2018-06-04 17:34 - 2018-06-04 17:34 - 000088936 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2018-06-04 17:34 - 2018-06-04 17:34 - 000637800 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2018-06-04 17:34 - 2018-06-04 17:34 - 000072552 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2017-12-22 02:00 - 2017-12-22 02:00 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2018-04-10 23:52 - 2018-04-10 23:52 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-22 01:46 - 2017-12-22 01:46 - 000585296 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2018-04-03 10:01 - 2018-04-03 10:01 - 004630496 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2018-06-13 12:21 - 2018-06-08 09:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2018-05-23 20:42 - 2018-05-23 20:42 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 20:42 - 2018-05-23 20:42 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-07 09:33 - 2018-06-07 09:34 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-07 09:33 - 2018-06-07 09:34 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-04 12:08 - 2018-05-04 12:08 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-03 02:11 - 2018-04-03 02:12 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-01-28 21:56 - 2018-01-28 21:58 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-06-07 09:33 - 2018-06-07 09:34 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-07 09:33 - 2018-06-07 09:34 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-07 09:33 - 2018-06-07 09:34 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-30 21:08 - 2018-05-30 21:08 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-04-03 02:11 - 2018-04-03 02:12 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-05-18 14:22 - 2018-05-18 14:23 - 004193792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-03 15:16 - 2018-05-03 15:16 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-13 12:12 - 2018-06-12 06:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-13 12:12 - 2018-06-12 06:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
2018-06-02 10:47 - 2018-06-02 10:48 - 001280176 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000277538 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 002386352 _____ () C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-12-22 01:34 - 2017-12-22 01:34 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000796192 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll
2018-04-03 08:53 - 2018-04-03 08:53 - 008988888 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2018-04-03 08:55 - 2018-04-03 08:55 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2018-04-03 09:59 - 2018-04-03 09:59 - 022740976 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2018-04-03 08:53 - 2018-04-03 08:53 - 000057048 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-12-22 01:45 - 2017-12-22 01:45 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-12-22 01:34 - 2017-12-22 01:34 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2018-04-03 10:00 - 2018-04-03 10:00 - 003489632 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2018-04-03 10:00 - 2018-04-03 10:00 - 001334496 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\sharepoint.com -> hxxps://livemanchesterac-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

crazycolin · 2018/06/13

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-27 21:03 - 2018-06-14 00:44 - 000450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\crazy\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Chemistry-Wallpaper-021.jpg
DNS Servers: 192.168.101.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\StartupApproved\Run: => "HP Officejet Pro 8610 (NET)"
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-3035246220-1795647210-3486064107-1001\...\StartupApproved\Run: => "Lync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3E37DDD0-9DA6-44F8-8059-205423DAF22C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8F7674D8-F3A2-468D-82F0-1157807BF0EA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{01D1AEBC-14D6-4447-89B6-FC85F1605798}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{74829F45-98DE-41B9-BD20-C5B08D8D7D7C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\Bin\DeviceSetup.exe
FirewallRules: [{BCC6E8EE-D495-440A-9958-51CDB03F4887}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\bin\FaxPrinterUtility.exe
FirewallRules: [{591AFC63-0D1F-4E57-8924-541B97BF766A}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\bin\SendAFax.exe
FirewallRules: [{904A15F3-4A0A-4EE0-819D-DD6B33C2834E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\bin\DigitalWizards.exe
FirewallRules: [{CEDE3A7C-DCC6-41F3-AC59-4B88BCA0F1D4}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 7740 series\bin\FaxApplications.exe
FirewallRules: [{992DED12-606A-446F-A530-5EAF4AED861F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{B78DF2B5-FCBA-471F-900D-2A227A51D8AC}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
FirewallRules: [{CD49772F-E143-4635-AB48-B6F6A4C1D8EB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{AE9FB90D-A072-4E28-90A9-124A3F56A9EA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{74DFF584-8F6A-4652-9D7E-E4E9F5811487}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{C48062EC-7CE4-47DC-BCAC-156A7E8BB052}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{AA591EEA-09F9-41A6-8CD2-F8945A390E30}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{7B5DC19E-FECC-4C2E-AC16-73E0E372B82E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{002E30BE-3ED4-40C0-B587-CB7BF28B3F85}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{9EAB3114-6CE5-4C56-9255-121A1646F13D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{69660E50-4B0F-493E-8EBA-BF8E6D03D732}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{CCE31A30-F5B1-4B14-B58F-D06B2E733FF2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{66CA87E8-BAB6-434C-A2A6-89842D1D3582}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{46C735C1-9615-4577-A7C5-577A9428BB41}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\SystemFiles\Components\WSMCore\bin\WSMKernelX.exe
FirewallRules: [{FADA7447-B5C0-4751-8A5A-D71EC8BEA994}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\SystemFiles\Components\WSMCore\bin\WSMKernelX.exe
FirewallRules: [{D92E78EC-46CD-4651-B2E0-CB1AC8163C14}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\SystemFiles\Components\WSMCore\bin\SessionManager.exe
FirewallRules: [{1E6C59CC-5328-4870-95A2-EFBD607002CA}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\SystemFiles\Components\WSMCore\bin\SessionManager.exe
FirewallRules: [{6696F881-9251-4D88-AABC-C4F694EA122C}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\math.exe
FirewallRules: [{98CE90C6-DFCB-4E6A-B34F-A019EBB944F3}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\math.exe
FirewallRules: [{CF62EAD0-35AA-4DCD-B944-9D7E522D06B4}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\MathKernel.exe
FirewallRules: [{27A18EC3-A9A2-47D5-833D-6BF619547368}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\MathKernel.exe
FirewallRules: [{BEF4BC82-8A36-481B-BE71-8AC24738AAF8}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\Mathematica.exe
FirewallRules: [{1A77DF23-A158-4E9B-9E27-797D4947912A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.3\Mathematica.exe
FirewallRules: [{4F0159CB-E8BC-48C5-B814-4587CA95F7EC}] => (Allow) C:\Program Files\OriginLab\Origin2017\Origin94_64.exe
FirewallRules: [{EEE44176-EE5B-4BC9-A082-B120F469756E}] => (Allow) C:\Program Files\OriginLab\Origin2017\Origin94_64.exe
FirewallRules: [{DD074984-5692-4820-9624-E0905B46D8DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4EDBA97D-B818-41B1-A854-363E8288E115}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{750368DC-8FF4-4E10-A951-60DE514D5A78}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{9BA7F3F7-8793-4BA7-94BE-56719B753B0B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{FCC274B0-D4AF-412A-8F34-FCCCF0F4F8B5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{7D87D61F-7011-46FC-8608-834FDCF81CFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51AF9B54-4DB3-4F87-9461-18F7AA566A94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33FD5C4F-DCAA-4079-98A9-A4E2E9908565}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E5D1062-3934-475A-8585-ABB5E2B461D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{D637883B-44F4-47A1-9BD0-CD76C900D0D6}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{355E608E-2DD7-44D3-88CA-03ADCB66FDC7}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{355200DF-8EA5-480E-83D7-ABBAF558B27A}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chem3d\chem3d.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chem3d\chem3d.exe
FirewallRules: [TCP Query User{3AFEC72F-1EA1-4543-8F4E-16359CC09FF9}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chem3d\chem3d.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chem3d\chem3d.exe
FirewallRules: [{A63B2F38-2926-4F70-97E7-61FF04A3B9F8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F70B2F88-3007-4E89-991B-AD83FD906E74}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DB5E90BF-85EF-42C5-90E8-F674401DF58B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{E1008D30-848C-45E9-880F-2A6CFC72E9F6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{001595D7-94F4-4E60-BDDD-98B93E2AF8EE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{CD7859A3-AFE5-47DB-A041-02471F78E26B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{777D95AF-F0A4-4855-86D9-8F1C136CF871}] => (Allow) C:\Users\crazy\AppData\Local\Temp\7zS6276\HPDiagnosticCoreUI.exe
FirewallRules: [{95E2EB99-E113-408F-9623-2A0FEA9A40EF}] => (Allow) C:\Users\crazy\AppData\Local\Temp\7zS6276\HPDiagnosticCoreUI.exe
FirewallRules: [{D7249AC9-C559-425B-B149-2ECE01E9321C}] => (Allow) C:\Users\crazy\AppData\Local\Temp\7zS528E\HP.EasyStart.exe
FirewallRules: [{4CF2C21A-C130-4974-8D2C-7B9A931CDBFC}] => (Allow) LPort=5357
FirewallRules: [{022B16D3-8D95-4396-9785-1A5AE6F7C391}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{152C604F-5B16-41B0-946A-B5157D61131F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A058CD10-63C5-40FE-8CA1-AAD42B528BC0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{732366BE-C9A3-4235-A682-573CB9DDDB28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{F9EDC72D-6522-483A-8EB4-1B17838E25B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F6CDAED-098F-4CD3-8621-838362C31C4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B544D82B-D861-44EA-BFF4-6DB086313DB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8344E54E-A82C-4FDC-AB09-33F369961D29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{34C6C4B0-4093-4C7D-AA7F-56F997D6D1C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{12DA6570-E2D5-4FE7-9C56-9112E58BBFB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{06207A0E-F2AD-4B62-BC3B-ACC05678B732}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.82.454.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{6EC50153-BF68-4182-91E0-C6454E30F1E0}] => (Allow) C:\Users\crazy\AppData\Local\Temp\7zS3AC1\HPDiagnosticCoreUI.exe
FirewallRules: [{3AD3106A-BB8A-4C37-8E0A-19530C1CA87A}] => (Allow) C:\Users\crazy\AppData\Local\Temp\7zS3AC1\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{4DFF971E-D632-41A1-8D12-B4C2C0EB4ADA}C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe] => (Allow) C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe
FirewallRules: [UDP Query User{9AF27308-F532-46DE-9749-DABC1C1B4AA8}C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe] => (Allow) C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe
FirewallRules: [{B9E68EE0-4B02-42AB-B68F-66F6B33209BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

31-05-2018 20:11:10 Scheduled Checkpoint
02-06-2018 10:55:55 Installed LibreOffice 6.0.4.2
08-06-2018 10:20:03 Windows Update
13-06-2018 12:21:12 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2018 12:42:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDScan.exe, version: 2.7.64.191, time stamp: 0x5ad9a8f3
Faulting module name: SDAdvancedCheckLibrary.dll, version: 2.7.64.98, time stamp: 0x5ad9a8cc
Exception code: 0xc0000005
Fault offset: 0x00004378
Faulting process ID: 0xf40
Faulting application start time: 0x01d4036e40084ad8
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll
Report ID: f0ad1162-4e96-4a1e-a0c3-84eadf61d708
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 11:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 6.0.4.2, time stamp: 0x5aef21a7
Faulting module name: ucrtbase.dll, version: 10.0.17134.1, time stamp: 0x587decd7
Exception code: 0xc0000409
Fault offset: 0x000000000006e75e
Faulting process ID: 0x2f74
Faulting application start time: 0x01d4034dc3551fb7
Faulting application path: C:\Program Files\LibreOffice\program\soffice.bin
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report ID: d03a4e6e-5907-4344-acdd-fff58bc15f3f
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 12:14:11 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/12/2018 11:24:54 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/12/2018 07:22:37 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/10/2018 10:29:48 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task >> "" with GUID '9C979F54-D0D1-47D4-A754-6140A5043161' because of error 87> (Scheduler has received a request with an invalid parameter.).

Error: (06/10/2018 12:22:04 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/09/2018 11:24:55 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (06/14/2018 03:08:46 AM) (Source: DCOM) (EventID: 10016) (User: COBRA-DELL)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user COBRA-DELL\crazy SID (S-1-5-21-3035246220-1795647210-3486064107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2018 02:59:02 AM) (Source: DCOM) (EventID: 10016) (User: COBRA-DELL)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user COBRA-DELL\crazy SID (S-1-5-21-3035246220-1795647210-3486064107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2018 02:15:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2018 02:15:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/14/2018 12:54:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/14/2018 12:54:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/14/2018 12:36:39 AM) (Source: DCOM) (EventID: 10016) (User: COBRA-DELL)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user COBRA-DELL\crazy SID (S-1-5-21-3035246220-1795647210-3486064107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/14/2018 12:31:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Windows Defender:
===================================
Date: 2018-06-12 11:45:03.719
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2C4F3189-3687-474E-A1F5-D18D24E38A55}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-12 11:37:09.050
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {85ED1C39-59A4-45CF-8131-9CF84481375F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-12 10:09:09.100
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0F7FE3AB-79E3-4CE4-8AEF-BB615D598334}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-07 10:15:06.555
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D763728D-9242-427C-A5DF-D4CD8C048AE4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-07 09:54:56.505
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5F728E88-8A73-4793-989D-FC25AF35B2D4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-06-14 03:58:00.601
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:57:54.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:51:52.724
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-14 03:51:16.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:43:00.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:28:00.699
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:27:48.193
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2018-06-14 03:21:47.408
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5-1620 0 @ 3.60GHz
Percentage of memory in use: 59%
Total physical RAM: 8117.76 MB
Available physical RAM: 3267.24 MB
Total Virtual: 9397.76 MB
Available Virtual: 3836.44 MB

==================== Drives ================================

Drive b: (MUSIC) (Fixed) (Total:1863.02 GB) (Free:1716.37 GB) NTFS
Drive c: () (Fixed) (Total:237.32 GB) (Free:75.54 GB) NTFS
Drive f: (WD 5.45TB) (Fixed) (Total:5589 GB) (Free:4942.2 GB) NTFS
Drive g: (SEAGATE 4.54TB) (Fixed) (Total:4657.52 GB) (Free:4470.34 GB) NTFS

\\?\Volume{6d3dea9b-e980-43b0-b22c-82b39aa01a7a}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{4c9339d6-9a02-4604-97f4-9448c863aa20}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 237.9 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================

crazycolin · 2018/06/13

P.S. The **** URL's were inserted into the hosts file by Spybot's Immunisation. See below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com

broni · 2018/06/13

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

So far I don't see much there but we'll run some additional checks.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs

Double click on downloaded setup.exe file to install the program.

Click on Start Scan button.

Click on another Start Scan button.

Wait until the Status box shows Scan Finished

Click on Remove Selected.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.

Then click Finish.

Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.

If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.

When the scan is complete, make sure that all Threats are selected, and click Remove Selected.

Restart your computer when prompted to do so.

The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator

The tool will start to update the database if one is required.

Click on the Scan button.

AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Logfile button.

A window will open which lists the logs of your scans.

Click on the Scan tab.

Double-click the most recent scan which will be at the top of the list....the log will appear.

Review the results...see note below

After reviewing the log, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).

To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.

Copy and paste the contents of AdwCleaner[CX].txt in your next reply.

A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

crazycolin · 2018/06/13

broni, the AdwCleaner link you gave was broken, but I found it at AdwCleaner via CNET

crazycolin · 2018/06/13

RogueKiller V12.12.21.0 (x64) [Jun 11 2018] (Premium) by Adlice Software
mail : Contact - Adlice Software
Feedback : Adlice forum - Home
Website : RogueKiller Anti-Malware Free Download - Official Website
Blog : Adlice Software - The Best Security Software, for FREE

Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : crazy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/14/2018 05:07:11 (Duration : 00:29:25)
Switches : -register -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {777D95AF-F0A4-4855-86D9-8F1C136CF871} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\crazy\AppData\Local\Temp\7zS6276\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {95E2EB99-E113-408F-9623-2A0FEA9A40EF} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\crazy\AppData\Local\Temp\7zS6276\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D7249AC9-C559-425B-B149-2ECE01E9321C} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\crazy\AppData\Local\Temp\7zS528E\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6EC50153-BF68-4182-91E0-C6454E30F1E0} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\crazy\AppData\Local\Temp\7zS3AC1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3AD3106A-BB8A-4C37-8E0A-19530C1CA87A} : v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\crazy\AppData\Local\Temp\7zS3AC1\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{4DFF971E-D632-41A1-8D12-B4C2C0EB4ADA}C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9AF27308-F532-46DE-9749-DABC1C1B4AA8}C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\crazy\appdata\local\temp\7zs2735\enterprisedu.exe|Name=enterprisedu.exe|Desc=enterprisedu.exe|Defer=User| [x] -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3035246220-1795647210-3486064107-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3035246220-1795647210-3486064107-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [Login] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA TOSHIBA DT01ACA2 SCSI Disk Device +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 1907728 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: DELL PERC H310 SCSI Disk Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1159168 | Size: 243017 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: WD My Book 1230 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Seagate Expansion Desk SCSI Disk Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([45d] The request could not be performed because of an I/O device error. )
Error reading LL2 MBR! ([1] Incorrect function. )

crazycolin · 2018/06/13

Two false positives - a Chrome addon called Honey (which finds voucher codes and applies them automatically at checkouts) and my startup URLs in Chrome

crazycolin · 2018/06/13

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 14/06/2018
Scan Time: 05:45
Log File: b5292bfa-6f8d-11e8-92f1-b8ca3af219e1.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5474
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: COBRA-DELL\crazy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 312275
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.IoloSC, C:\PROGRAM FILES (X86)\IOLO\SYSTEM CHECKUP, No Action By User, [1055], [349237],1.0.5474

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

crazycolin · 2018/06/13

Malwarebytes found one false positive - Iolo System Checkup (associated with their System Mechanic program)

crazycolin · 2018/06/13

I ran the Malwarebytes scan again, after whitelisting the false positive PUP and enabling rootkit scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 14/06/2018
Scan Time: 05:50
Log File: 7abf3d00-6f8e-11e8-b955-b8ca3af219e1.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5474
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: COBRA-DELL\crazy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315016
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

crazycolin · 2018/06/14

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-12.1
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-14-2018
# Duration: 00:00:17
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset IPSec
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1471 octets] - [14/06/2018 05:57:15]
AdwCleaner[C00].txt - [1513 octets] - [14/06/2018 05:57:58]
AdwCleaner[S01].txt - [1433 octets] - [14/06/2018 06:01:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

crazycolin · 2018/06/14

Hey broni,
My login page is now minus the annotation junk, and my PC seems to boot a few seconds quicker on a restart. Not tried a cold boot yet, but I'm hopeful. Even if there was nothing major, I've done things that needed doing - including deleting the firewall rules for Windows Defender Firewall and BullGuard Antivirus Firewall (so that new rules are generated for the programs that need them and nothing else). Thanks for your input and advice thus-far. Is there anything else I need to do, please?
crazycolin.

Log in or Sign up

Solved Rootkits & Bootkits

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

broni Moderator Malware Analyst

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

Share This Page

Log in or Sign up

Solved Rootkits & Bootkits

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

broni Moderator Malware Analyst

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

crazycolin Member Thread Starter

Share This Page

Useful Searches