Laptop has issues including Recovery partition corruption among others


  • This topic is locked
4 replies to this topic

#1 Rachael Stacey

Posted 09 October 2016 - 09:59 PM

I'm pretty sure I'm being used as a "server" for "web hosting".  This is a pretty deep infection that has followed me onto a 2nd laptop.  I have reset to factory settings but all the old info is still there even though I specifically clicked to delete all files and folders and do a clean install.  I very rarely get to a private web page, I have apps downloading by themselves and being attached to my IE 11, which I never use.  My settings are constantly changed and I'm getting extremely frustrated.
 
Here's the Farbar Scan:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-10-2016
Ran by Rachael (administrator) on DESKTOP-B36RF3G (09-10-2016 19:17:12)
Running from C:\Users\Rachael\Desktop
Loaded Profiles: Rachael (Available Profiles: defaultuser0 & Rachael)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\AMD\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4255840 2016-09-02] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3340580180-3008455056-2496869024-1001\...\Run: [HijackThis startup scan] => C:\Users\Rachael\Desktop\HijackThis.exe [388608 2016-10-04] (Trend Micro Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{78178d05-9208-453d-9599-c31c21981edf}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b2d9e452-e328-4466-b5e0-565ab2ee2a11}: [DhcpNameServer] 40.22.1.11
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3340580180-3008455056-2496869024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-02] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default [2016-10-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; c:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-08-06] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-07-06] (Advanced Micro Devices) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4366288 2016-08-31] (SecureMix LLC)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [254232 2016-10-04] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89880 2016-09-29] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-07-06] (Realtek Semiconductor)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [315104 2016-01-21] (Advanced Micro Devices)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [18968 2015-07-14] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; c:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [118848 2016-07-22] (Advanced Micro Devices)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-10-02] (REALiX™)
R1 MpKsld1ff06a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D798B224-5D45-46C9-B5C6-3F80E60EDD6F}\MpKsld1ff06a9.sys [44928 2016-10-09] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-09] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-06-01] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-11] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-09] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [67680 2016-09-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-10-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-09] (Zemana Ltd.)
            
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 19:17 - 2016-10-09 19:17 - 00011944 _____ C:\Users\Rachael\Desktop\FRST.txt
2016-10-09 19:16 - 2016-10-09 19:17 - 00000000 ____D C:\FRST
2016-10-09 19:14 - 2016-10-09 19:16 - 02407424 _____ (Farbar) C:\Users\Rachael\Desktop\FRST64.exe
2016-10-09 19:12 - 2016-10-09 19:13 - 33624128 _____ (Adlice Software ) C:\Users\Rachael\Desktop\setup.exe
2016-10-09 19:08 - 2016-10-09 19:08 - 00228140 _____ C:\Users\Rachael\Downloads\WMIExplorer_2.0.0.0.zip
2016-10-09 18:54 - 2016-10-09 18:57 - 05659993 _____ (Swearware) C:\Users\Rachael\Desktop\ComboFix.exe
2016-10-09 17:11 - 2016-10-09 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-10-09 17:11 - 2016-10-09 17:11 - 00000000 ____D C:\ProgramData\AMD
2016-10-09 17:09 - 2016-10-09 17:09 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\ATI
2016-10-09 17:09 - 2016-10-09 17:09 - 00000000 ____D C:\Users\Rachael\AppData\Local\ATI
2016-10-09 17:09 - 2016-10-09 17:09 - 00000000 ____D C:\Program Files (x86)\AMD
2016-10-09 16:53 - 2016-10-09 16:53 - 00000000 ____D C:\Users\Rachael\AppData\Local\ElevatedDiagnostics
2016-10-09 15:53 - 2016-10-09 16:53 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-09 15:36 - 2016-10-09 15:36 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-09 15:04 - 2016-10-09 16:02 - 00000000 ____D C:\Users\Rachael\Downloads\New folder
2016-10-09 13:39 - 2016-10-09 13:46 - 00000000 ____D C:\Users\Rachael\Downloads\HP Downloads
2016-10-09 12:45 - 2016-10-09 12:45 - 00009873 _____ C:\Users\Rachael\Downloads\htinfofile.txt
2016-10-09 12:41 - 2016-10-09 12:41 - 00001241 _____ C:\Users\Rachael\Desktop\uninstall_list.txt
2016-10-09 12:38 - 2016-10-09 12:38 - 00070128 _____ C:\Users\Rachael\Desktop\startuplist.txt
2016-10-09 12:20 - 2016-10-09 12:20 - 00000000 ____D C:\Users\Rachael\Desktop\backups
2016-10-09 11:19 - 2016-10-09 19:16 - 00222981 _____ C:\Windows\ZAM.krnl.trace
2016-10-09 11:19 - 2016-10-09 19:16 - 00074216 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-09 11:19 - 2016-10-09 11:19 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-10-09 11:19 - 2016-10-09 11:19 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-10-09 11:19 - 2016-10-09 11:19 - 00001188 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-10-09 11:19 - 2016-10-09 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-10-09 11:18 - 2016-10-09 11:19 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-10-09 11:18 - 2016-10-09 11:18 - 00000000 ____D C:\Users\Rachael\AppData\Local\Zemana
2016-10-09 11:15 - 2016-10-09 11:16 - 00001636 _____ C:\Users\Rachael\Desktop\ZHPCleaner.txt
2016-10-09 11:06 - 2016-10-09 11:16 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\ZHP
2016-10-09 11:06 - 2016-10-09 11:06 - 00000922 _____ C:\Users\Rachael\Desktop\ZHPCleaner.lnk
2016-10-09 10:41 - 2016-10-09 10:41 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-10-09 10:41 - 2016-10-09 10:41 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-10-09 10:39 - 2016-10-09 11:17 - 05363600 _____ ( ) C:\Users\Rachael\Desktop\Zemana.AntiMalware.Setup.exe
2016-10-09 10:38 - 2016-10-09 11:05 - 01917440 _____ C:\Users\Rachael\Desktop\ZHPCleaner-2015.8.13.324.exe
2016-10-09 10:37 - 2016-10-09 10:40 - 00752296 _____ C:\Users\Rachael\Downloads\Adware Removal Tool by TSA.exe
2016-10-09 10:10 - 2016-10-09 17:16 - 00214896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-09 09:45 - 2016-10-09 09:45 - 00000876 _____ C:\Users\Rachael\Desktop\JRT.txt
2016-10-09 09:37 - 2016-10-09 09:38 - 01631928 _____ (Malwarebytes) C:\Users\Rachael\Downloads\JRT (1).exe
2016-10-09 09:33 - 2016-10-09 09:36 - 00005276 _____ C:\Users\Rachael\Desktop\Rkill.txt
2016-10-09 08:53 - 2016-10-09 08:55 - 00000022 _____ C:\Users\Rachael\Downloads\cc_config.ini
2016-10-09 08:47 - 2016-10-09 09:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rachael\Downloads\rkill (2).com
2016-10-09 08:42 - 2016-10-09 08:43 - 01065376 _____ (Google Inc.) C:\Users\Rachael\Downloads\GoogleEarthProSetup (2).exe
2016-10-08 21:53 - 2016-10-08 21:53 - 00061954 _____ C:\Users\Rachael\Downloads\CuAvqtSXYAABLjI.jpg-small
2016-10-07 22:35 - 2016-10-07 22:35 - 00000000 ____D C:\Users\Rachael\Documents\CyberLink
2016-10-07 22:34 - 2016-10-07 22:34 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\CyberLink
2016-10-06 15:02 - 2016-10-06 15:02 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-05 09:44 - 2016-10-05 09:44 - 00221227 _____ C:\Users\Rachael\Downloads\master-west-tracker-2-5k-1-1-2010-7-10-2015.xlsx
2016-10-04 12:33 - 2016-10-09 09:54 - 00000000 ____D C:\Users\Rachael\Desktop\New folder
2016-10-04 09:39 - 2016-10-04 09:39 - 00000000 ____D C:\029dc585766da2680d961f
2016-10-04 09:18 - 2016-10-04 09:19 - 00000000 ____D C:\Users\Rachael\Downloads\backups
2016-10-04 09:12 - 2016-10-04 09:15 - 00069993 _____ C:\Users\Rachael\Downloads\startuplist.txt
2016-10-04 08:49 - 2016-10-04 08:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rachael\Desktop\HijackThis.exe
2016-10-04 04:33 - 2016-10-04 04:33 - 00000000 _____ C:\Recovery.txt
2016-10-04 04:04 - 2016-10-04 04:18 - 04619752 _____ (Piriform Ltd) C:\Users\Rachael\Downloads\dfsetup221.exe
2016-10-04 03:46 - 2016-10-04 03:47 - 00282112 _____ (SingularLabs) C:\Users\Rachael\Downloads\CCEnhancer-4.4.1.exe
2016-10-04 02:55 - 2016-10-04 02:55 - 00002490 _____ C:\Users\Rachael\Documents\bookmark.htm
2016-10-04 02:54 - 2016-10-04 02:54 - 00000069 _____ C:\Users\Rachael\Documents\feeds.opml
2016-10-04 01:46 - 2016-10-04 01:46 - 00002874 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-04 01:45 - 2016-10-04 01:45 - 00000000 ____D C:\Users\Rachael\AppData\Local\Publishers
2016-10-04 00:52 - 2016-10-09 09:24 - 00002650 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-10-04 00:35 - 2016-10-04 00:36 - 00003644 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2016-10-04 00:35 - 2016-10-04 00:35 - 00000000 ____D C:\ProgramData\Reason
2016-10-03 20:09 - 2016-10-03 20:12 - 00000955 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2016-10-03 20:09 - 2016-10-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2016-10-03 20:09 - 2016-10-03 20:09 - 00000000 ____D C:\Program Files\Reason
2016-10-03 20:08 - 2016-10-03 20:11 - 06406240 _____ (Reason Software Company Inc.) C:\Users\Rachael\Downloads\reason-core-security-setup.exe
2016-10-03 18:31 - 2016-10-09 09:49 - 03861056 _____ C:\Users\Rachael\Downloads\AdwCleaner.exe
2016-10-03 16:22 - 2016-10-03 16:22 - 00000000 ____D C:\Users\Rachael\AppData\LocalLow\Temp
2016-10-03 11:49 - 2016-10-09 17:12 - 00000000 ____D C:\Users\Rachael\AppData\Local\CrashDumps
2016-10-03 11:49 - 2016-10-03 11:49 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\WildTangent
2016-10-02 20:42 - 2016-10-02 20:42 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-02 20:42 - 2016-10-02 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-02 20:41 - 2016-10-09 08:55 - 00000000 ____D C:\Program Files\CCleaner
2016-10-02 20:40 - 2016-10-02 20:41 - 08243736 _____ (Piriform Ltd) C:\Users\Rachael\Downloads\ccsetup522pro.exe
2016-10-02 20:24 - 2016-10-02 20:24 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\hpqLog
2016-10-02 19:49 - 2016-10-02 19:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rachael\Downloads\rkill.com
2016-10-02 19:08 - 2016-10-02 19:08 - 00001177 _____ C:\Users\Public\Desktop\Spybot Anti-Beacon.lnk
2016-10-02 19:08 - 2016-10-02 19:08 - 00000000 ____D C:\Windows\SysWOW64\PolicyDefinitions
2016-10-02 19:08 - 2016-10-02 19:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-10-02 19:08 - 2016-10-02 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2016-10-02 19:08 - 2016-10-02 19:08 - 00000000 ____D C:\Program Files (x86)\Spybot Anti-Beacon
2016-10-02 19:07 - 2016-10-02 19:07 - 02691400 _____ (Safer-Networking Ltd. ) C:\Users\Rachael\Downloads\SpybotAntiBeacon-1.5-setup.exe
2016-10-02 19:07 - 2016-10-02 19:07 - 00000000 ____D C:\Users\Rachael\AppData\Local\GlassWire
2016-10-02 19:05 - 2016-10-02 19:05 - 00001981 _____ C:\Users\Public\Desktop\GlassWire.lnk
2016-10-02 19:05 - 2016-10-02 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2016-10-02 19:04 - 2016-10-02 19:04 - 00000000 ____D C:\ProgramData\GlassWire
2016-10-02 19:04 - 2015-05-28 23:30 - 00008392 _____ C:\Windows\system32\Drivers\gwdrv.cat
2016-10-02 19:04 - 2015-05-28 23:15 - 00033152 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2016-10-02 19:03 - 2016-10-02 19:05 - 00000000 ____D C:\Program Files (x86)\GlassWire
2016-10-02 18:52 - 2016-10-02 18:52 - 30562448 _____ (SecureMix LLC) C:\Users\Rachael\Downloads\GlassWireSetup.exe
2016-10-02 18:51 - 2016-10-02 18:51 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-10-02 18:48 - 2016-10-02 18:48 - 03497512 _____ (Martin Malík - REALiX ) C:\Users\Rachael\Downloads\hw32_536.exe
2016-10-02 18:48 - 2016-10-02 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
2016-10-02 18:48 - 2016-10-02 18:48 - 00000000 ____D C:\Program Files (x86)\HWiNFO32
2016-10-02 18:47 - 2016-10-02 18:47 - 03632760 _____ (Martin Malík - REALiX ) C:\Users\Rachael\Downloads\hw64_536.exe
2016-10-02 18:43 - 2016-10-02 18:43 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-02 18:43 - 2016-10-02 18:43 - 00002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-02 18:41 - 2016-10-09 10:10 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-02 18:41 - 2016-10-09 09:25 - 00003280 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-02 18:36 - 2016-10-02 18:36 - 01065376 _____ (Google Inc.) C:\Users\Rachael\Downloads\ChromeSetup.exe
2016-10-02 17:59 - 2016-10-01 18:22 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-02 17:51 - 2016-10-02 20:23 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\DropboxOEM
2016-10-02 16:30 - 2016-10-02 16:30 - 00000003 _____ C:\Users\Administrator\Desktop\Untitled1.ps1
2016-10-02 15:18 - 2016-10-02 15:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft_Corporation
2016-10-02 12:17 - 2016-10-02 12:17 - 00212360 _____ C:\ProgramData\cl.1475428557.bdinstall.bin
2016-10-02 12:15 - 2016-10-02 12:15 - 00020031 _____ C:\ProgramData\agent.1475428542.bdinstall.bin
2016-10-02 01:43 - 2016-10-02 01:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-10-01 21:25 - 2016-10-01 23:32 - 00000000 ____D C:\Users\Administrator\Desktop\New folder (2)
2016-10-01 20:42 - 2016-10-02 13:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-10-01 19:20 - 2016-10-02 05:23 - 00000000 ____D C:\Users\Administrator\Desktop\New folder
2016-10-01 18:53 - 2016-10-01 18:53 - 00000000 ____H C:\Users\Administrator\Documents\Default.rdp
2016-10-01 13:09 - 2016-10-01 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-10-01 03:41 - 2016-10-06 16:26 - 00000000 ____D C:\Windows\system32\MRT
2016-10-01 02:57 - 2016-10-01 02:57 - 00035285 _____ C:\ProgramData\dm.1475308633.bdinstall.bin
2016-10-01 02:55 - 2016-10-01 02:55 - 00054244 _____ C:\ProgramData\dm.1475308501.bdinstall.bin
2016-10-01 02:55 - 2016-10-01 02:55 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2016-10-01 02:54 - 2016-10-02 10:29 - 00003150 _____ C:\bdlog.txt
2016-10-01 02:29 - 2016-10-01 02:29 - 00000000 ____D C:\ProgramData\BDLogging
2016-10-01 02:28 - 2016-10-02 12:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Bitdefender
2016-10-01 02:25 - 2016-10-02 12:16 - 00000000 ____D C:\ProgramData\Bitdefender
2016-10-01 02:24 - 2016-10-01 02:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\QuickScan
2016-10-01 02:20 - 2016-10-02 20:19 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-10-01 02:20 - 2016-10-01 02:20 - 00046783 _____ C:\ProgramData\agent.1475306406.bdinstall.bin
2016-10-01 02:20 - 2016-10-01 02:20 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-10-01 02:09 - 2016-10-01 02:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2016-10-01 02:01 - 2016-10-09 10:22 - 00000000 ____D C:\AdwCleaner
2016-10-01 01:59 - 2016-10-01 01:59 - 00000906 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-10-01 01:59 - 2016-10-01 01:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2016-10-01 01:58 - 2016-10-01 02:09 - 00000000 ____D C:\Users\Administrator\Downloads\New folder
2016-10-01 01:56 - 2016-10-01 01:57 - 00003796 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-10-01 01:46 - 2016-10-01 01:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-01 01:45 - 2016-10-01 03:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-10-01 01:44 - 2016-10-01 01:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2016-10-01 01:42 - 2016-10-02 01:44 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-10-01 01:42 - 2016-10-01 01:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2016-10-01 01:41 - 2016-10-02 20:18 - 00000000 ___RD C:\Users\Administrator\Documents\YouCam
2016-10-01 01:41 - 2016-10-01 01:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\CyberLink
2016-10-01 01:41 - 2016-10-01 01:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2016-10-01 01:40 - 2016-10-02 20:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-10-01 01:40 - 2016-10-02 20:18 - 00000000 ____D C:\Users\Administrator
2016-10-01 01:40 - 2016-10-01 18:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-10-01 01:40 - 2016-10-01 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 _RHDL C:\Users\Administrator\Documents\My Videos
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore
2016-10-01 01:40 - 2016-10-01 01:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-10-01 01:40 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Administrator\Documents\hp.system.package.metadata
2016-10-01 01:40 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Administrator\Documents\hp.applications.package.appdata
2016-10-01 01:13 - 2016-10-02 20:21 - 00000000 ____D C:\Users\Rachael\AppData\Local\Google
2016-10-01 00:18 - 2016-10-02 20:17 - 00000000 ____D C:\Windows\Minidump
2016-09-30 19:44 - 2016-09-30 19:44 - 00000000 ____D C:\Users\Rachael\AppData\Local\Microsoft_Corporation
2016-09-30 11:20 - 2016-09-30 11:20 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Macromedia
2016-09-30 10:58 - 2016-09-30 10:58 - 00000000 ____D C:\Users\Rachael\AppData\Local\Comms
2016-09-30 08:46 - 2016-09-30 08:46 - 00000000 ____D C:\Users\Public\CyberLink
2016-09-30 07:08 - 2016-10-01 01:11 - 00000000 ____D C:\Users\Rachael\AppData\Local\MicrosoftEdge
2016-09-30 07:08 - 2016-09-30 07:08 - 00002380 _____ C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-30 07:08 - 2016-09-30 07:08 - 00000000 ___RD C:\Users\Rachael\OneDrive
2016-09-30 07:07 - 2016-09-30 07:08 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Hewlett-Packard
2016-09-30 07:07 - 2016-09-30 07:07 - 00000000 ____D C:\Users\Rachael\AppData\Local\HP_Inc
2016-09-30 07:05 - 2016-10-09 13:39 - 00000000 ____D C:\Users\Rachael\AppData\Local\Hewlett-Packard
2016-09-30 07:05 - 2016-10-04 01:47 - 00000000 ____D C:\Users\Rachael\Documents\YouCam
2016-09-30 07:05 - 2016-09-30 07:07 - 00000000 ____D C:\Users\Rachael\AppData\Local\CyberLink
2016-09-30 07:04 - 2016-10-09 09:42 - 00000000 ____D C:\Users\Rachael\AppData\Local\Packages
2016-09-30 07:04 - 2016-10-04 08:53 - 00000000 ____D C:\Users\Rachael\AppData\Local\VirtualStore
2016-09-30 07:04 - 2016-09-30 17:37 - 00000000 ____D C:\Users\Rachael\AppData\Local\ConnectedDevicesPlatform
2016-09-30 07:04 - 2016-09-30 07:04 - 00000000 ____D C:\Users\Rachael\Documents\My Bluetooth
2016-09-30 07:04 - 2016-09-30 07:04 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Synaptics
2016-09-30 07:04 - 2016-09-30 07:04 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Adobe
2016-09-30 07:04 - 2016-09-30 07:04 - 00000000 ____D C:\Users\Rachael\AppData\Local\TileDataLayer
2016-09-30 07:03 - 2016-10-09 17:43 - 00000000 ____D C:\Users\Rachael
2016-09-30 07:03 - 2016-09-30 07:03 - 00000020 ___SH C:\Users\Rachael\ntuser.ini
2016-09-30 07:03 - 2016-09-30 07:03 - 00000000 _SHDL C:\Users\Rachael\My Documents
2016-09-30 07:03 - 2016-09-30 07:03 - 00000000 _SHDL C:\Users\Rachael\Documents\My Videos
2016-09-30 07:03 - 2016-09-30 07:03 - 00000000 _SHDL C:\Users\Rachael\Documents\My Pictures
2016-09-30 07:03 - 2016-09-30 07:03 - 00000000 _SHDL C:\Users\Rachael\Documents\My Music
2016-09-30 07:03 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Rachael\Documents\hp.system.package.metadata
2016-09-30 07:03 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Rachael\Documents\hp.applications.package.appdata
2016-09-30 07:00 - 2016-09-30 07:00 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Hewlett-Packard
2016-09-30 06:58 - 2016-09-30 06:58 - 00000000 ____D C:\Users\defaultuser0\Documents\YouCam
2016-09-30 06:58 - 2016-09-30 06:58 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\DropboxOEM
2016-09-30 06:58 - 2016-09-30 06:58 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\CyberLink
2016-09-30 06:57 - 2016-09-30 06:57 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Hewlett-Packard
2016-09-30 06:56 - 2016-09-30 19:05 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2016-09-30 06:56 - 2016-09-30 06:57 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2016-09-30 06:56 - 2016-09-30 06:56 - 00000000 ____D C:\Users\defaultuser0\Documents\My Bluetooth
2016-09-30 06:56 - 2016-09-30 06:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Roaming\Synaptics
2016-09-30 06:56 - 2016-09-30 06:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2016-09-30 06:56 - 2016-09-30 06:56 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2016-09-30 06:52 - 2016-10-02 20:22 - 00000000 ____D C:\Users\defaultuser0
2016-09-30 06:52 - 2016-09-30 06:52 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2016-09-30 06:52 - 2016-09-30 06:52 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2016-09-30 06:52 - 2016-09-30 06:52 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2016-09-30 06:52 - 2016-09-30 06:52 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2016-09-30 06:52 - 2016-09-30 06:52 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2016-09-30 06:52 - 2016-09-30 05:41 - 00000000 ____D C:\Users\defaultuser0\Documents\hp.system.package.metadata
2016-09-30 06:52 - 2016-09-30 05:41 - 00000000 ____D C:\Users\defaultuser0\Documents\hp.applications.package.appdata
2016-09-30 06:03 - 2016-10-09 15:36 - 00000000 ___HD C:\system.sav
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\Default User
2016-09-30 05:50 - 2016-09-30 05:50 - 00000000 _SHDL C:\Users\All Users
2016-09-30 05:49 - 2016-09-30 05:49 - 00022744 _____ C:\Windows\system32\emptyregdb.dat
2016-09-30 05:46 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-09-30 05:41 - 2016-09-30 05:41 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-30 05:41 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-09-30 05:41 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-09-30 05:41 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-09-30 05:41 - 2016-09-30 05:41 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-09-30 05:21 - 2016-09-30 05:21 - 00000000 ____D C:\Windows\system32\config\bbimigrate
2016-09-30 05:14 - 2016-10-09 17:15 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-30 05:14 - 2016-10-09 17:15 - 00007084 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2016-09-30 05:14 - 2016-10-09 17:11 - 00000000 ____D C:\Program Files\AMD
2016-09-30 05:14 - 2016-10-09 16:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-09-30 05:14 - 2016-10-09 15:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-09-30 05:14 - 2016-09-30 05:14 - 00000000 ____D C:\Windows\system32\SRSLabs
2016-09-30 05:14 - 2016-09-30 05:14 - 00000000 ____D C:\Program Files\Realtek
2016-09-30 05:14 - 2016-09-30 05:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-09-30 05:14 - 2016-09-30 05:14 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-09-30 05:13 - 2016-09-30 05:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-09-30 05:13 - 2016-09-30 05:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_AMDASF_01011.Wdf
2016-09-30 05:09 - 2016-09-30 05:09 - 00000000 ____D C:\ProgramData\USOShared
2016-09-30 05:08 - 2016-10-09 17:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-30 05:07 - 2016-10-09 17:40 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-09-30 05:07 - 2016-09-30 05:07 - 00000000 ____D C:\Windows\ServiceProfiles
2016-09-30 01:49 - 2016-10-02 20:57 - 00000000 ___DC C:\Windows\Panther
2016-09-30 01:49 - 2016-09-30 01:49 - 00000000 ____D C:\Windows\InfusedApps
2016-09-30 01:48 - 2016-09-30 01:48 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-09-30 01:47 - 2016-09-30 01:47 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-09-30 01:46 - 2016-09-30 01:46 - 00000000 ____D C:\Program Files\Synaptics
2016-09-30 01:45 - 2016-09-30 01:45 - 00000000 ____D C:\Windows\Setup
2016-09-30 01:44 - 2016-10-02 20:19 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-30 01:44 - 2016-10-02 20:19 - 00000000 ____D C:\Program Files\MSBuild
2016-09-30 01:44 - 2016-10-02 20:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-30 01:44 - 2016-10-02 20:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-30 01:44 - 2016-09-30 01:44 - 00000000 ____D C:\Windows\OCR
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\0409
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\winrm
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\WCN
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\slmgr
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\0409
2016-09-30 01:43 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\DigitalLocker
2016-09-30 01:40 - 2016-09-07 11:32 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-30 01:40 - 2016-09-07 11:32 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-30 01:37 - 2016-10-09 17:42 - 00000000 ____D C:\Windows\AppReadiness
2016-09-30 01:37 - 2016-10-09 17:11 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-30 01:37 - 2016-10-09 12:23 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-30 01:37 - 2016-10-09 12:23 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ___SD C:\Windows\system32\F12
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ___SD C:\Windows\system32\dsc
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ___RD C:\Program Files\Windows Defender
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Windows\system32\oobe
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Windows\system32\Dism
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Windows\ShellExperiences
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Windows\Provisioning
2016-09-30 01:37 - 2016-10-09 12:22 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-30 01:37 - 2016-10-09 09:10 - 00000000 ____D C:\Windows\LiveKernelReports
2016-09-30 01:37 - 2016-10-04 03:58 - 00000000 ____D C:\Windows\system32\AppLocker
2016-09-30 01:37 - 2016-10-02 20:34 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ___SD C:\Windows\system32\Nui
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\system32\setup
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\system32\DDFs
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\L2Schemas
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\bcastdvr
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Windows\addins
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-09-30 01:37 - 2016-10-02 20:22 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-09-30 01:37 - 2016-10-02 20:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-30 01:37 - 2016-10-02 20:20 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-30 01:37 - 2016-10-02 20:19 - 00000000 ____D C:\Windows\Globalization
2016-09-30 01:37 - 2016-10-02 20:19 - 00000000 ____D C:\Windows\appcompat
2016-09-30 01:37 - 2016-10-02 20:08 - 00000000 ____D C:\Windows\registration
2016-09-30 01:37 - 2016-10-02 19:59 - 00000000 ____D C:\Windows\system32\spool
2016-09-30 01:37 - 2016-10-02 19:58 - 00000000 ___SD C:\Windows\system32\Configuration
2016-09-30 01:37 - 2016-10-02 19:25 - 00000000 ____D C:\Windows\system32\NDF
2016-09-30 01:37 - 2016-09-30 07:38 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-09-30 01:37 - 2016-09-30 07:03 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-09-30 01:37 - 2016-09-30 05:52 - 00000000 ____D C:\Windows\rescache
2016-09-30 01:37 - 2016-09-30 05:49 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-30 01:37 - 2016-09-30 05:38 - 00000000 ____D C:\Windows\system32\inetsrv
2016-09-30 01:37 - 2016-09-30 05:21 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-30 01:37 - 2016-09-30 05:15 - 00000000 ___RD C:\Windows\PrintDialog
2016-09-30 01:37 - 2016-09-30 05:15 - 00000000 ___RD C:\Windows\MiracastView
2016-09-30 01:37 - 2016-09-30 05:09 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-30 01:37 - 2016-09-30 01:48 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-09-30 01:37 - 2016-09-30 01:44 - 00000000 ____D C:\Windows\SystemApps
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\MUI
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\migwiz
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\system32\Com
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\IME
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Windows\Help
2016-09-30 01:37 - 2016-09-30 01:43 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-30 01:37 - 2016-09-30 01:38 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 __RSD C:\Windows\Media
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ___SD C:\Windows\Downloaded Program Files
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ___RD C:\Windows\Offline Web Pages
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Web
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Vss
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\tracing
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\TAPI
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\SMI
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\NDF
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\Ipmi
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\AppLocker
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SystemResources
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\WinMetadata
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\winevt
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\ras
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\ProximityToast
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\PointOfService
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\MsDtc
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\MailContactsCalendarSync
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\Ipmi
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\InputMethod
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\IME
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\icsxml
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\ias
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\downlevel
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\config\Journal
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\Bthprops
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\System
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SKB
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\security
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\schemas
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\SchCache
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Resources
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\PLA
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Performance
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\ModemLogs
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\InputMethod
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\GameBarPresenceWriter
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Cursors
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Windows\Branding
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\ProgramData\Comms
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files\Windows NT
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files\Common Files\Services
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-09-30 01:37 - 2016-09-30 01:37 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016
Ran by Rachael (09-10-2016 19:19:12)
Running from C:\Users\Rachael\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-30 11:55:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3340580180-3008455056-2496869024-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3340580180-3008455056-2496869024-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3340580180-3008455056-2496869024-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3340580180-3008455056-2496869024-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3340580180-3008455056-2496869024-1003 - Limited - Enabled)
Rachael (S-1-5-21-3340580180-3008455056-2496869024-1001 - Administrator - Enabled) => C:\Users\Rachael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2A582D42-F483-B0D7-2926-12F576D0D257}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.74 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HWiNFO32 Version 5.36 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.36 - Martin Malík - REALiX)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.46 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.58 - REALTEK Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.2.0.1 - Reason Software Company Inc.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.133 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3340580180-3008455056-2496869024-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {78A1B6C5-CD63-490D-BBA5-341CDA843973} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {8278E9DD-8B73-48A1-A0D2-2B55D1D230C7} - \Hewlett-Packard\HP Support Assistant\First Boot -> No File <==== ATTENTION
Task: {9270AA6D-BCCB-4BCC-9D05-88210FD9A9FC} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2016-09-29] (Reason Software Company Inc.)
Task: {96A679CC-2882-4875-91FF-B5AA96E898A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {A499B2CC-DF6E-458B-9496-0EE7B36AE438} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-02] (Google Inc.)
Task: {A9D7D785-3A7B-4A9D-AA23-41DFBC586586} - \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start -> No File <==== ATTENTION
Task: {B0EB95A1-3C44-465A-BCC8-A56CB0D432F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BAEBFA52-6F76-4229-A097-B70D16B52C58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {CBB3CFF2-6637-46CF-BD04-E116241FCE4C} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {CF2FDEBA-5D5F-4F4D-9120-D941905A5454} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater -> No File <==== ATTENTION
Task: {DEDFEFAE-7543-4BAD-9FFE-8A310521DE5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E30696FD-B315-4CA3-822C-7FB307A1F521} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 ____N () C:\Windows\SYSTEM32\ism32k.dll
2016-09-22 08:32 - 2016-09-22 08:32 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00236488 ____N () c:\windows\system32\WerEtw.dll
2015-09-29 14:37 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-09-29 13:38 - 2015-09-18 16:27 - 00125656 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-08-06 21:39 - 2015-08-06 21:39 - 00127488 _____ () c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-10-04 00:35 - 2016-10-04 00:35 - 00254232 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-08-06 21:39 - 2015-08-06 21:39 - 00138752 _____ () c:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe
2016-10-04 00:35 - 2016-10-04 00:35 - 00570648 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2016-09-22 08:32 - 2016-09-22 08:32 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-09-30 07:07 - 2016-09-30 07:07 - 00959168 _____ () C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-09 11:19 - 2016-10-09 11:19 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00130048 ____N () C:\Windows\SYSTEM32\CHARTV.dll
2016-09-22 08:32 - 2016-09-22 08:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.14393.0
Run by Rachael at 20:42:57 on 2016-10-09
#Option Extended Search is enabled.
Microsoft Windows 10 Home  10.0.14393.0.1252.1.1033.18.7118.4509 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Hpservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
C:\Program Files\Reason\Security\rsEngineSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
c:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\taskhostw.exe
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.190.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\msascui.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Users\Rachael\Desktop\FRST64.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HijackThis startup scan] C:\Users\Rachael\Desktop\HijackThis.exe /startupscan
mRun: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
mRun: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
mRun: [StartCCC] "c:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: FilterAdministratorToken = dword:1
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.254
 
Hijack This Startup List

StartupList report, 10/9/2016, 12:38:15 PM
StartupList version: 1.52.2
Started from : C:\Users\Rachael\Desktop\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.14393.0000)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
 
Running processes:
 
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Users\Rachael\Desktop\HijackThis.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Startup:
[C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*
 
Shell folders AltStartup:
*Folder not found*
 
User shell folders Startup:
*Folder not found*
 
User shell folders AltStartup:
*Folder not found*
 
Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*
 
Shell folders Common AltStartup:
*Folder not found*
 
User shell folders Common Startup:
*Folder not found*
 
User shell folders Alternate Common Startup:
*Folder not found*
 
--------------------------------------------------
 
Checking Windows NT UserInit:
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\SYSTEM32\Userinit.exe,
 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
 
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
*No values found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
 
*No values found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
*No values found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
 
*No values found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
 
--------------------------------------------------
 
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
 
(Default) = "%1" %*
 
--------------------------------------------------
 
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
 
(Default) = "%1" %*
 
--------------------------------------------------
 
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
 
(Default) = "%1" %*
 
--------------------------------------------------
 
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
 
(Default) = "%1" %*
 
--------------------------------------------------
 
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
 
(Default) = "%1" /S
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
 
--------------------------------------------------
 
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
 
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
 
--------------------------------------------------
 
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
 
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon
 
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
 
--------------------------------------------------
 
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
 
*Registry key not found*
 
--------------------------------------------------
 
Load/Run keys from C:\Windows\WIN.INI:
 
load=*INI section not found*
run=*INI section not found*
 
Load/Run keys from Registry:
 
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
 
--------------------------------------------------
 
Shell & screensaver key from C:\Windows\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
Checking for EXPLORER.EXE instances:
 
C:\Windows\Explorer.exe: PRESENT!
 
C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present
 
--------------------------------------------------
 
Checking for superhidden extensions:
 
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
 
--------------------------------------------------
 
Verifying REGEDIT.EXE integrity:
 
- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'
 
Registry check failed!
 
--------------------------------------------------
 
Enumerating Browser Helper Objects:
 
*No BHO's found*
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
GoogleUpdateTaskMachineCore.job
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\Windows\system32\napinsp.dll
NameSpace #2: C:\Windows\system32\pnrpnsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\NLAapi.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
NameSpace #7: C:\Windows\System32\wshbth.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
 
--------------------------------------------------
 
Enumerating Windows NT/2000/XP services
 
@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller: \SystemRoot\System32\drivers\1394ohci.sys (manual start)
3ware: System32\drivers\3ware.sys (system)
@oem16.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor: \SystemRoot\System32\drivers\Accelerometer.sys (manual start)
@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver: System32\drivers\ACPI.sys (system)
@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver: \SystemRoot\System32\drivers\AcpiDev.sys (manual start)
Microsoft ACPIEx Driver: System32\Drivers\acpiex.sys (system)
@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver: \SystemRoot\System32\drivers\acpipagr.sys (manual start)
@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver: \SystemRoot\System32\drivers\acpipmi.sys (manual start)
@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver: \SystemRoot\System32\drivers\acpitime.sys (manual start)
AdaptiveSleepService: "c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe" (disabled)
ADP80XX: System32\drivers\ADP80XX.SYS (system)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
@%systemroot%\system32\drivers\ahcache.sys,-102: system32\DRIVERS\ahcache.sys (system)
@%SystemRoot%\system32\AJRouter.dll,-2: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
AMD External Events Utility: %SystemRoot%\system32\atiesrxx.exe (autostart)
ACP Kernel Service Driver: \??\C:\Windows\system32\drivers\amdacpksd.sys (autostart)
ACP User Service: "C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe" (manual start)
@oem7.inf,%AmdAS4.SVCDESC%;AmdAS4 service: \SystemRoot\System32\drivers\AmdAS4.sys (manual start)
@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver: \SystemRoot\System32\drivers\amdk8.sys (manual start)
amdkmdag: \SystemRoot\system32\DRIVERS\atikmdag.sys (manual start)
amdkmdap: \SystemRoot\system32\DRIVERS\atikmpag.sys (manual start)
@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver: \SystemRoot\System32\drivers\amdppm.sys (manual start)
amdsata: System32\drivers\amdsata.sys (system)
amdsbs: System32\drivers\amdsbs.sys (system)
amdxata: System32\drivers\amdxata.sys (system)
@%systemroot%\system32\srpapi.dll,-100: system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\srpapi.dll,-102: system32\drivers\applockerfltr.sys (manual start)
@%SystemRoot%\System32\AppReadiness.dll,-1000: %SystemRoot%\System32\svchost.exe -k AppReadiness (manual start)
@%SystemRoot%\system32\appxdeploymentserver.dll,-1: %systemroot%\system32\svchost.exe -k wsappx (manual start)
@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver: System32\drivers\arcsas.sys (system)
@%systemroot%\system32\mprmsg.dll,-32000: \SystemRoot\System32\drivers\asyncmac.sys (manual start)
@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel: System32\drivers\atapi.sys (system)
@oem27.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service: \SystemRoot\system32\drivers\AtihdWT6.sys (manual start)
@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD: System32\drivers\bxvbda.sys (system)
BasicDisplay: \SystemRoot\System32\drivers\BasicDisplay.sys (system)
BasicRender: \SystemRoot\System32\drivers\BasicRender.sys (system)
@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service: \SystemRoot\System32\drivers\bcmfn.sys (manual start)
@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service: \SystemRoot\System32\drivers\bcmfn2.sys (manual start)
BitLocker Drive Encryption Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
@%windir%\system32\bisrv.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
BTDevManager: "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe" (disabled)
@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID: \SystemRoot\System32\drivers\BthAvrcpTg.sys (manual start)
@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service: \SystemRoot\System32\drivers\BthEnum.sys (manual start)
@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator: \SystemRoot\System32\drivers\bthhfenum.sys (manual start)
@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID: \SystemRoot\System32\drivers\BthHFHid.sys (manual start)
@%SystemRoot%\System32\BthHFSrv.dll,-103: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver: \SystemRoot\System32\drivers\BthLEEnum.sys (manual start)
@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver: \SystemRoot\System32\drivers\bthmodem.sys (manual start)
@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network): \SystemRoot\System32\drivers\bthpan.sys (manual start)
@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver: \SystemRoot\System32\drivers\BTHport.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver: \SystemRoot\System32\drivers\BTHUSB.sys (manual start)
@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices: \SystemRoot\System32\drivers\buttonconverter.sys (manual start)
@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen: \SystemRoot\System32\drivers\capimg.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
@%SystemRoot%\system32\cdpsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\cdpusersvc.dll,-100: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (autostart)
CDPUserSvc_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (autostart)
@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver: \SystemRoot\System32\drivers\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
cht4iscsi: System32\drivers\cht4sx64.sys (manual start)
@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver: \SystemRoot\System32\drivers\cht4vx64.sys (manual start)
@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices: \SystemRoot\System32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\drivers\clfs.sys,-100: System32\drivers\CLFS.sys (system)
@%SystemRoot%\system32\ClipSVC.dll,-103: %SystemRoot%\System32\svchost.exe -k wsappx (manual start)
@%SystemRoot%\system32\drivers\registry.sys,-100: \SystemRoot\System32\drivers\registry.sys (autostart)
@oem22.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 6.0 Service: \SystemRoot\system32\DRIVERS\clwvd6.sys (manual start)
@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver: \SystemRoot\System32\drivers\CmBatt.sys (manual start)
: System32\Drivers\cng.sys (system)
@%SystemRoot%\system32\drivers\cnghwassist.sys,-100: System32\DRIVERS\cnghwassist.sys (disabled)
@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Console Driver: System32\drivers\condrv.sys (manual start)
@%SystemRoot%\system32\coremessaging.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\drivers\dam.sys,-100: system32\drivers\dam.sys (system)
@combase.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\dcpsvc.dll,-3001: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%SystemRoot%\system32\das.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (manual start)
@%SystemRoot%\system32\DevQueryBroker.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\wkssvc.dll,-1008: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000: %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (manual start)
@%SystemRoot%\system32\diagtrack.dll,-3001: %SystemRoot%\System32\svchost.exe -k utcsvc (disabled)
@disk.inf,%disk_ServiceDesc%;Disk Driver: System32\drivers\disk.sys (system)
@%systemroot%\system32\Windows.Internal.Management.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
dmvsc: \SystemRoot\System32\drivers\dmvsc.sys (manual start)
@%SystemRoot%\system32\dmwappushsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dosvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers: \SystemRoot\system32\DRIVERS\drmkaud.sys (manual start)
Device Setup Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\dssvc.dll,-10003: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD: System32\drivers\evbda.sys (system)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\system32\drivers\EhStorClass.sys,-100: System32\drivers\EhStorClass.sys (system)
@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols: System32\drivers\EhStorTcgDrv.sys (system)
@%SystemRoot%\system32\embeddedmodesvc.dll,-201: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@EnterpriseAppMgmtSvc.dll,-1: %systemroot%\system32\svchost.exe -k appmodel (manual start)
@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver: \SystemRoot\System32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver: \SystemRoot\System32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\fhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\drivers\filecrypt.sys,-100: system32\drivers\filecrypt.sys (system)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: System32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver: \SystemRoot\System32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)
@%systemroot%\system32\FrameServer.dll,-100: %SystemRoot%\System32\svchost.exe -k Camera (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter: \SystemRoot\System32\drivers\vmgencounter.sys (manual start)
@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class: \SystemRoot\System32\drivers\genericusbfn.sys (manual start)
GlassWire Control Service: "C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" (autostart)
Microsoft GPIO Class Extension Driver: System32\Drivers\msgpioclx.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100: System32\drivers\gpuenergydrv.sys (system)
Google Update Service (gupdate): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (autostart)
Google Update Service (gupdatem): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
GlassWire Driver: \SystemRoot\system32\DRIVERS\gwdrv.sys (system)
@hdaudio.inf,%FunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service: \SystemRoot\system32\DRIVERS\HdAudio.sys (manual start)
@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\System32\drivers\HDAudBus.sys (manual start)
@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver: \SystemRoot\System32\drivers\HidBatt.sys (manual start)
@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport: \SystemRoot\System32\drivers\hidbth.sys (manual start)
@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver: \SystemRoot\System32\drivers\hidi2c.sys (manual start)
@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts: \SystemRoot\System32\drivers\hidinterrupt.sys (manual start)
@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver: \SystemRoot\System32\drivers\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver: \SystemRoot\System32\drivers\hidusb.sys (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@oem16.inf,%service_desc%;HP Filter: System32\drivers\hpdskflt.sys (system)
HP Software Framework Service: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" (manual start)
HpSAMD: System32\drivers\HpSAMD.sys (system)
@oem16.inf,%hpservice_desc%;HP Service: %SystemRoot%\system32\Hpservice.exe (autostart)
HP Support Solutions Framework Service: "c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" (autostart)
HPWMISVC: c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (disabled)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%SystemRoot%\system32\hvhostsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\drivers\hvservice.sys,-16: system32\drivers\hvservice.sys (manual start)
HWiNFO32/64 Kernel Driver: \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS (system)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
hyperkbd: \SystemRoot\System32\drivers\hyperkbd.sys (manual start)
@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver: \SystemRoot\System32\drivers\i8042prt.sys (manual start)
@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver: \SystemRoot\System32\drivers\iagpio.sys (manual start)
@iai2c.inf,%iai2c.SVCDESC%;Intel® Serial IO I2C Host Controller: \SystemRoot\System32\drivers\iai2c.sys (manual start)
@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel® Serial IO GPIO Driver v2: \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys (manual start)
@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel® Serial IO I2C Driver v2: \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys (manual start)
@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel® Serial IO GPIO Controller Driver: \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys (manual start)
@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel® Serial IO I2C Controller Driver: \SystemRoot\System32\drivers\iaLPSSi_I2C.sys (manual start)
@iastorav.inf,%iaStorAV.DeviceDesc%;Intel® SATA RAID Controller Windows: System32\drivers\iaStorAV.sys (system)
@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7: System32\drivers\iaStorV.sys (system)
@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver): \SystemRoot\System32\drivers\ibbus.sys (manual start)
@%SystemRoot%\System32\tetheringservice.dll,-4097: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100: \SystemRoot\System32\drivers\IndirectKmd.sys (manual start)
Service for Realtek HD Audio (WDM): \SystemRoot\system32\drivers\RTKVHD64.sys (manual start)
intelide: System32\drivers\intelide.sys (system)
@intelpep.inf,%INTELPEP.SVCDESC%;Intel® Power Engine Plug-in Driver: System32\drivers\intelpep.sys (system)
@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver: \SystemRoot\System32\drivers\intelppm.sys (manual start)
@%SystemRoot%\system32\drivers\iorate.sys,-100: system32\drivers\iorate.sys (system)
@%systemroot%\system32\mprmsg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\System32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
IrDA: \SystemRoot\system32\drivers\irda.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
@%SystemRoot%\System32\irmon.dll,-2000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
isapnp: System32\drivers\isapnp.sys (system)
@iscsi.inf,%iScsiPortName%;iScsiPort Driver: \SystemRoot\System32\drivers\msiscsi.sys (manual start)
@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver: \SystemRoot\System32\drivers\kbdclass.sys (manual start)
@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver: \SystemRoot\System32\drivers\kbdhid.sys (manual start)
@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20): \SystemRoot\System32\drivers\kdnic.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\lfsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\licensemanagersvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lltdres.dll,-6: system32\drivers\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
LSI_SAS: System32\drivers\lsi_sas.sys (system)
LSI_SAS2i: System32\drivers\lsi_sas2i.sys (system)
LSI_SAS3i: System32\drivers\lsi_sas3i.sys (system)
LSI_SSS: System32\drivers\lsi_sss.sys (system)
@%windir%\system32\lsm.dll,-1001: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\System32\moshost.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
megasas: System32\drivers\megasas.sys (system)
megasr: System32\drivers\megasr.sys (system)
@%SystemRoot%\system32\MessagingService.dll,-100: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (manual start)
MessagingService_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (manual start)
@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator: \SystemRoot\System32\drivers\mlx4_bus.sys (manual start)
@%systemroot%\system32\drivers\mmcss.sys,-100: \SystemRoot\system32\drivers\mmcss.sys (autostart)
: system32\drivers\modem.sys (manual start)
@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service: \SystemRoot\System32\drivers\monitor.sys (manual start)
@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver: \SystemRoot\System32\drivers\mouclass.sys (manual start)
@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver: \SystemRoot\System32\drivers\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (autostart)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
@%SystemRoot%\system32\bridgeres.dll,-1: System32\drivers\bridge.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator: \SystemRoot\System32\drivers\msgpiowin32.sys (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
@%SystemRoot%\system32\drivers\mshidumdf.sys,-100: \SystemRoot\System32\drivers\mshidumdf.sys (manual start)
msisadrv: System32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy: \SystemRoot\system32\DRIVERS\MSKSSRV.sys (manual start)
@%SystemRoot%\system32\drivers\mslldp.sys,-200: system32\drivers\mslldp.sys (autostart)
@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy: \SystemRoot\system32\DRIVERS\MSPCLOCK.sys (manual start)
@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy: \SystemRoot\system32\DRIVERS\MSPQM.sys (manual start)
@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver: \SystemRoot\System32\drivers\mssmbios.sys (system)
@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter: \SystemRoot\system32\DRIVERS\MSTEE.sys (manual start)
@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver: \SystemRoot\System32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
mvumis: System32\drivers\mvumis.sys (system)
@%SystemRoot%\System32\drivers\nwifi.sys,-101: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\ncasvc.dll,-3009: %SystemRoot%\System32\svchost.exe -k NetSvcs (manual start)
@%SystemRoot%\system32\ncbservice.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\NcdAutoSetup.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service: \SystemRoot\System32\drivers\ndfltr.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
@%SystemRoot%\System32\drivers\ndiscap.sys,-5000: System32\drivers\ndiscap.sys (manual start)
@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501: System32\drivers\NdisImPlatform.sys (manual start)
@%systemroot%\system32\mprmsg.dll,-32001: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\drivers\ndisuio.sys (manual start)
@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200: \SystemRoot\System32\drivers\NdisVirtualBus.sys (manual start)
@%systemroot%\system32\mprmsg.dll,-32002: \SystemRoot\System32\drivers\ndiswan.sys (manual start)
@%systemroot%\system32\mprmsg.dll,-32014: System32\DRIVERS\ndiswan.sys (manual start)
@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy: System32\DRIVERS\NDProxy.sys (manual start)
@%SystemRoot%\system32\drivers\Ndu.sys,-10001: system32\drivers\Ndu.sys (autostart)
Network Adapter Wdf Class Extension Library: system32\drivers\NetAdapterCx.sys (manual start)
@%windir%\system32\drivers\netbios.sys,-503: system32\drivers\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprofmsvc.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\NetSetupSvc.dll,-3: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201: %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@%SystemRoot%\System32\NgcCtnrSvc.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\ngcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider: \SystemRoot\System32\drivers\npsvctrig.sys (system)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
nvraid: System32\drivers\nvraid.sys (system)
nvstor: System32\drivers\nvstor.sys (system)
@%SystemRoot%\system32\APHostRes.dll,-10002: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (disabled)
Sync Host_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (disabled)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@msports.inf,%Parport.SVCDESC%;Parallel port driver: \SystemRoot\System32\drivers\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@pci.inf,%pci_svcdesc%;PCI Bus Driver: System32\drivers\pci.sys (system)
pciide: System32\drivers\pciide.sys (system)
pcmcia: System32\drivers\pcmcia.sys (system)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
@%SystemRoot%\system32\drivers\pdc.sys,-100: system32\drivers\pdc.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
percsas2i: System32\drivers\percsas2i.sys (system)
percsas3i: System32\drivers\percsas3i.sys (system)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
@%SystemRoot%\system32\PhoneserviceRes.dll,-10000: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\UserDataAccessRes.dll,-15001: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (manual start)
Contact Data_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-200: %SystemRoot%\system32\svchost.exe -k DcomLaunch (manual start)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\mprmsg.dll,-32006: \SystemRoot\System32\drivers\raspptp.sys (manual start)
@C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll,-1: %SystemRoot%\system32\svchost.exe -k print (manual start)
@cpu.inf,%Processor.SvcDesc%;Processor Driver: \SystemRoot\System32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%windir%\System32\drivers\pacer.sys,-101: System32\drivers\pacer.sys (system)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2): \SystemRoot\System32\drivers\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\mprmsg.dll,-32005: \SystemRoot\System32\drivers\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\mprmsg.dll,-32007: System32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: \SystemRoot\System32\drivers\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver: \SystemRoot\System32\drivers\rdpbus.sys (manual start)
@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100: System32\drivers\rdpdr.sys (manual start)
Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k localService (disabled)
@%SystemRoot%\System32\RDXService.dll,-256: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI): \SystemRoot\System32\drivers\rfcomm.sys (manual start)
Cyberlink RichVideo64 Service(CRVS): "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" (autostart)
@%SystemRoot%\system32\RMapi.dll,-1001: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@combase.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Reason Core Security Bundle Protection: "C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe" (autostart)
Reason Core Security Engine Service: "C:\Program Files\Reason\Security\rsEngineSvc.exe" (autostart)
@oem26.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2: \SystemRoot\system32\DRIVERS\RtsP2Stor.sys (manual start)
@%SystemRoot%\system32\lltdres.dll,-5: system32\drivers\rspndr.sys (autostart)
@oem11.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver: \SystemRoot\System32\drivers\rt640x64.sys (manual start)
Realtek Audio Service: "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" (autostart)
@oem10.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver: \SystemRoot\system32\DRIVERS\RtkBtfilter.sys (manual start)
@oem20.inf,%RtsUER%;Realtek USB Card Reader - UER: \SystemRoot\system32\Drivers\RtsUer.sys (manual start)
@netrtwlane.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter: \SystemRoot\System32\drivers\rtwlane.sys (manual start)
s3cap: \SystemRoot\System32\drivers\vms3cap.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver: System32\drivers\sbp2port.sys (system)
Smart Card: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\System32\ScDeviceEnum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver: System32\drivers\scmbus.sys (system)
@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver: \SystemRoot\System32\drivers\scmdisk0101.sys (manual start)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: \SystemRoot\System32\drivers\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver: \SystemRoot\System32\drivers\sdstor.sys (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\SensorDataService.exe,-101: %SystemRoot%\System32\SensorDataService.exe (manual start)
@%SystemRoot%\System32\sensorservice.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serial UART Support Library: system32\drivers\SerCx.sys (manual start)
Serial UART Support Library: system32\drivers\SerCx2.sys (manual start)
@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver: \SystemRoot\System32\drivers\serenum.sys (manual start)
@msports.inf,%Serial.SVCDESC%;Serial port driver: \SystemRoot\System32\drivers\serial.sys (manual start)
@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver: \SystemRoot\System32\drivers\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive: \SystemRoot\System32\drivers\sfloppy.sys (manual start)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
SiSRaid2: System32\drivers\SiSRaid2.sys (system)
SiSRaid4: System32\drivers\sisraid4.sys (system)
SmbDrv: \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys (manual start)
SmbDrvI: \SystemRoot\System32\drivers\Smb_driver_Intel.sys (manual start)
@%SystemRoot%\System32\smphost.dll,-102: %SystemRoot%\System32\svchost.exe -k smphost (manual start)
@%SystemRoot%\System32\SmsRouterSvc.dll,-10001: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver: System32\drivers\spaceport.sys (system)
Simple Peripheral Bus Support Library: system32\drivers\SpbCx.sys (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (autostart)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\windows.staterepository.dll,-1: %SystemRoot%\system32\svchost.exe -k appmodel (manual start)
stexstor: System32\drivers\stexstor.sys (system)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver: System32\drivers\storahci.sys (system)
@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator: System32\drivers\vmstorfl.sys (system)
@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver: System32\drivers\stornvme.sys (system)
@%SystemRoot%\System32\drivers\storqosflt.sys,-101: system32\drivers\storqosflt.sys (autostart)
@%SystemRoot%\System32\StorSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@storufs.inf,sServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver: System32\drivers\storufs.sys (system)
storvsc: System32\drivers\storvsc.sys (system)
@%SystemRoot%\system32\svsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver: \SystemRoot\System32\drivers\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Synth3dVsc: \SystemRoot\System32\drivers\Synth3dVsc.sys (manual start)
@oem4.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver: \SystemRoot\System32\drivers\SynTP.sys (manual start)
SynTPEnh Caller Service: "C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe" (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%windir%\system32\SystemEventsBrokerServer.dll,-1001: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\drivers\tcpip.sys,-10001: System32\drivers\tcpip.sys (system)
@todo.dll,-100;Microsoft IPv6 Protocol Driver: System32\drivers\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: \SystemRoot\system32\DRIVERS\tdx.sys (system)
@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver: \SystemRoot\System32\drivers\terminpt.sys (manual start)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\TieringEngineService.exe,-702: %SystemRoot%\system32\TieringEngineService.exe (manual start)
@%SystemRoot%\system32\tileobjserver.dll,-1: %systemroot%\system32\svchost.exe -k appmodel (autostart)
@%windir%\system32\TimeBrokerServer.dll,-1001: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@tpm.inf,%TPM%;TPM: \SystemRoot\System32\drivers\tpm.sys (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
: system32\drivers\tsusbflt.sys (manual start)
@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device: \SystemRoot\System32\drivers\TsUsbGD.sys (manual start)
@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver: \SystemRoot\System32\drivers\tunnel.sys (manual start)
@%SystemRoot%\system32\tzautoupdate.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
@uaspstor.inf, SPortName%;USB Attached SCSI (UAS) Driver: \SystemRoot\System32\drivers\uaspstor.sys (manual start)
USB Connector Manager KMDF Class Extension: System32\Drivers\UcmCx.sys (manual start)
UCM-TCPCI KMDF Class Extension: System32\Drivers\UcmTcpciCx.sys (manual start)
@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client: \SystemRoot\System32\drivers\UcmUcsi.sys (manual start)
USB Host Support Library: system32\drivers\ucx01000.sys (manual start)
USB Device Emulation Support Library: system32\drivers\udecx.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver: \SystemRoot\System32\drivers\UEFI.sys (manual start)
USB Function Class Extension: system32\drivers\ufx01000.sys (manual start)
@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller: \SystemRoot\System32\drivers\UfxChipidea.sys (manual start)
@ufxsynopsys.inf,%Ufxsynopsys.ServiceName%;USB Synopsys Controller: \SystemRoot\System32\drivers\ufxsynopsys.sys (manual start)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver: \SystemRoot\System32\drivers\umbus.sys (manual start)
@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver: \SystemRoot\System32\drivers\umpass.sys (manual start)
@%SystemRoot%\system32\umrdp.dll,-1000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\UserDataAccessRes.dll,-10003: %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup (manual start)
User Data Storage_44849d: C:\Windows\System32\svchost.exe -k UnistackSvcGroup (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver: \SystemRoot\System32\drivers\urschipidea.sys (manual start)
USB Role-Switch Support Library: system32\drivers\urscx01000.sys (manual start)
@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver: \SystemRoot\System32\drivers\urssynopsys.sys (manual start)
@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver: \SystemRoot\System32\drivers\usbccgp.sys (manual start)
@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR): \SystemRoot\System32\drivers\usbcir.sys (manual start)
@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: \SystemRoot\System32\drivers\usbehci.sys (manual start)
AMD USB Filter Driver: \SystemRoot\system32\DRIVERS\usbfilter.sys (manual start)
@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver: \SystemRoot\System32\drivers\usbhub.sys (manual start)
@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub: \SystemRoot\System32\drivers\UsbHub3.sys (manual start)
@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\System32\drivers\usbohci.sys (manual start)
@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class: \SystemRoot\System32\drivers\usbprint.sys (manual start)
@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver: \SystemRoot\System32\drivers\usbser.sys (manual start)
@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver: \SystemRoot\System32\drivers\USBSTOR.SYS (manual start)
@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\System32\drivers\usbuhci.sys (manual start)
@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM): \SystemRoot\System32\Drivers\usbvideo.sys (manual start)
@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller: \SystemRoot\System32\drivers\USBXHCI.SYS (manual start)
@%SystemRoot%\system32\UserDataAccessRes.dll,-14001: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (manual start)
User Data Access_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (manual start)
@%systemroot%\system32\usermgr.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\usocore.dll,-102: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator: System32\drivers\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000: system32\drivers\VerifierExt.sys (manual start)
vhdmp: \SystemRoot\System32\drivers\vhdmp.sys (manual start)
@%SystemRoot%\system32\drivers\vhf.sys,-100: \SystemRoot\System32\drivers\vhf.sys (manual start)
@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus: System32\drivers\vmbus.sys (system)
VMBusHID: \SystemRoot\System32\drivers\VMBusHID.sys (manual start)
@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver: \SystemRoot\System32\drivers\vmgid.sys (manual start)
@%systemroot%\system32\icsvc.dll,-801: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\icsvc.dll,-101: %systemroot%\system32\svchost.exe -k ICService (manual start)
@%systemroot%\system32\icsvc.dll,-201: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\icsvcext.dll,-601: %systemroot%\system32\svchost.exe -k ICService (manual start)
@%systemroot%\system32\icsvc.dll,-301: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\icsvc.dll,-401: %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%systemroot%\system32\icsvc.dll,-901: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\icsvcext.dll,-501: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver: System32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
@%SystemRoot%\system32\drivers\volsnap.sys,-100: System32\drivers\volsnap.sys (system)
@volume.inf,%VolumeServiceDesc%;Volume driver: System32\drivers\volume.sys (system)
@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus: \SystemRoot\System32\drivers\vpci.sys (manual start)
vsmraid: System32\drivers\vsmraid.sys (system)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver: System32\drivers\vstxraid.sys (system)
@%SystemRoot%\System32\drivers\vwifibus.sys,-257: \SystemRoot\System32\drivers\vwifibus.sys (manual start)
@%SystemRoot%\System32\drivers\vwififlt.sys,-259: System32\drivers\vwififlt.sys (system)
@%SystemRoot%\System32\drivers\vwifimp.sys,-261: \SystemRoot\System32\drivers\vwifimp.sys (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver: \SystemRoot\System32\drivers\wacompen.sys (manual start)
@%SystemRoot%\System32\WalletService.dll,-1000: %SystemRoot%\System32\svchost.exe -k appmodel (manual start)
@%systemroot%\system32\mprmsg.dll,-32011: System32\DRIVERS\wanarp.sys (autostart)
@%systemroot%\system32\mprmsg.dll,-32012: System32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (autostart)
@%systemroot%\system32\drivers\wcifs.sys,-100: \SystemRoot\system32\drivers\wcifs.sys (autostart)
@%SystemRoot%\System32\wcmsvc.dll,-4097: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\drivers\wcnfs.sys,-100: \SystemRoot\system32\drivers\wcnfs.sys (autostart)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390: system32\drivers\WdBoot.sys (system)
@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000: system32\drivers\Wdf01000.sys (system)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330: system32\drivers\WdFilter.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
WDI Driver Framework: system32\DRIVERS\wdiwifi.sys (manual start)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370: system32\Drivers\WdNisDrv.sys (manual start)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320: "%ProgramFiles%\Windows Defender\NisSrv.exe" (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%systemroot%\system32\wephostsvc.dll,-100: %systemroot%\system32\svchost.exe -k WepHostSvcGroup (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Error Reporting Service: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000: System32\drivers\wfplwfs.sys (system)
@%SystemRoot%\system32\wiarpc.dll,-2: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\drivers\wimmount.sys,-101: system32\drivers\wimmount.sys (manual start)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310: "%ProgramFiles%\Windows Defender\MsMpEng.exe" (autostart)
Windows Trusted Execution Environment Class Extension: system32\drivers\WindowsTrustedRT.sys (system)
@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service: System32\drivers\WindowsTrustedRTProxy.sys (system)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service: \SystemRoot\System32\drivers\winmad.sys (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver: \SystemRoot\System32\drivers\WinUSB.SYS (manual start)
@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service: \SystemRoot\System32\drivers\winverbs.sys (manual start)
@oem18.inf,%ServiceDesc%;HP Wireless Button Driver Service: \SystemRoot\System32\drivers\WirelessButtonDriver64.sys (manual start)
@%SystemRoot%\system32\flightsettings.dll,-104: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wlidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI: \SystemRoot\System32\drivers\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%systemroot%\system32\workfolderssvc.dll,-102: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\WpdUpFltr.sys,-100: System32\drivers\WpdUpFltr.sys (manual start)
@%SystemRoot%\system32\wpnservice.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\WpnUserService.dll,-1: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup (manual start)
Windows Push Notifications User Service_44849d: C:\Windows\system32\svchost.exe -k UnistackSvcGroup (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000: system32\drivers\WudfPf.sys (manual start)
@%SystemRoot%\system32\drivers\WudfRd.sys,-1000: system32\drivers\WudfRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
WUDFWpdFs: \SystemRoot\system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%systemroot%\system32\XblAuthManager.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\XblGameSave.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver: \SystemRoot\System32\drivers\xboxgip.sys (manual start)
@%systemroot%\system32\XboxNetApiSvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver: \SystemRoot\System32\drivers\xinputhid.sys (manual start)
ZAM Helper Driver: \??\C:\Windows\System32\drivers\zam64.sys (system)
ZAM Controller Service: "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service (autostart)
ZAM Guard Driver: \??\C:\Windows\System32\drivers\zamguard64.sys (system)
 
 
--------------------------------------------------
 
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
 
Windows NT checkdisk command:
BootExecute = autocheck autochk *
 
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
 
*Registry key not found*
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
 
*Registry key not found*
 
--------------------------------------------------
 
End of report, 70,844 bytes
Report generated in 0.547 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
I would very much appreciate some help.  I had thought I could handle this myself, but I cannot.

Edit: Moved topic from Windows Crashes, BSOD, and Hangs Help and Support to the more appropriate forum. ~ Animal
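The listing above is StartupList's "<name>: <image> (<start type>)" format, with image paths written four different ways (the `\??\` NT object prefix, `\SystemRoot\`, `%SystemRoot%` / `%ProgramFiles%` variables, and bare `system32\...` paths relative to the Windows directory). As an added example that is not part of this thread, and not StartupList's or FRST's own code, the PowerShell below parses such a listing, normalises every image to an absolute path, flags any entry whose file lives outside the Windows and Program Files trees, and reads the Authenticode status of each file that exists on the machine the script runs on. The sample lines are copied from the posted log except the last, which is a constructed line added so the output shows a hit; `$SampleListing` and the function names are this example's own.

```powershell
# Added example (not from the thread): triage a StartupList-style service/driver
# listing. Sample lines come from the posted log; the final line is constructed.
$SampleListing = @'
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver: \SystemRoot\System32\drivers\wacompen.sys (manual start)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390: system32\drivers\WdBoot.sys (system)
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310: "%ProgramFiles%\Windows Defender\MsMpEng.exe" (autostart)
ZAM Helper Driver: \??\C:\Windows\System32\drivers\zam64.sys (system)
ZAM Controller Service: "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service (autostart)
Hypothetical Updater (constructed line, not in the log): C:\Users\Public\updater.exe (autostart)
'@

function Get-WindowsRoots {
    # Defaults let the parser run off-box (e.g. on a triage workstation reading a pasted log).
    [pscustomobject]@{
        SystemRoot      = if ($env:SystemRoot) { $env:SystemRoot } else { 'C:\Windows' }
        ProgramFiles    = if ($env:ProgramFiles) { $env:ProgramFiles } else { 'C:\Program Files' }
        ProgramFilesX86 = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { 'C:\Program Files (x86)' }
    }
}

function Resolve-StartupImagePath {
    param([Parameter(Mandatory)][string]$Image)
    $roots = Get-WindowsRoots
    # The executable is the quoted path, else the first token ending in .exe/.sys/.dll.
    if ($Image -match '^"([^"]+)"')                          { $path = $Matches[1] }
    elseif ($Image -match '^(.+?\.(?:exe|sys|dll))(?:\s|$)') { $path = $Matches[1] }
    else                                                     { $path = ($Image -split '\s+')[0] }

    $path = $path -replace '^\\\?\?\\', ''                                # \??\C:\x  -> C:\x (NT object path prefix)
    $path = $path -replace '^\\SystemRoot\\', ($roots.SystemRoot + '\')   # \SystemRoot\ -> C:\Windows\
    $path = $path -replace '%SystemRoot%', $roots.SystemRoot              # -replace is case-insensitive
    $path = $path -replace '%ProgramFiles%', $roots.ProgramFiles
    if ($path -notmatch '^[A-Za-z]:\\') {                                 # bare system32\drivers\x.sys
        $path = $roots.SystemRoot.TrimEnd('\') + '\' + $path
    }
    return $path
}

function ConvertFrom-StartupList {
    param([Parameter(Mandatory)][string]$Text)
    $roots = Get-WindowsRoots
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -notmatch '^(?<name>.+?): (?<image>.+) \((?<start>[^()]+)\)\s*$') { continue }
        $name, $image, $start = $Matches.name, $Matches.image, $Matches.start
        $path = Resolve-StartupImagePath -Image $image
        $trustedDir = ($path -like "$($roots.SystemRoot)\*") -or
                      ($path -like "$($roots.ProgramFiles)\*") -or
                      ($path -like "$($roots.ProgramFilesX86)\*")
        # Signature status only means something when run on the affected machine itself.
        $sig = if (Test-Path -LiteralPath $path) {
                   (Get-AuthenticodeSignature -LiteralPath $path).Status
               } else { 'not present here' }
        [pscustomobject]@{ Name = $name; Start = $start; TrustedDir = $trustedDir; Signature = $sig; Path = $path }
    }
}

# Entries outside the trusted trees, or unsigned/invalid on the live box, are the ones to hand-check.
ConvertFrom-StartupList -Text $SampleListing |
    Sort-Object TrustedDir, Signature |
    Format-Table Name, Start, TrustedDir, Signature, Path -AutoSize
```

On the posted lines only the constructed entry is flagged, which matches the helper's reading that nothing in the log looks out of place. Two caveats: a path under C:\Windows or Program Files is not proof of legitimacy, and the `\??\` prefix on the ZAM driver entries is the ordinary NT object-path form, not an indicator of anything. The Authenticode check is the stronger test, but it has to be run on the affected laptop, and on every entry rather than only the unusual-looking ones.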

 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,730 posts

Posted 14 October 2016 - 10:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/629050 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,394 posts
  • Location:California

Posted 19 October 2016 - 02:54 PM

Greetings Rachael Stacey and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. The only entry that looks odd at all is C:\Users\Rachael\Downloads\CuAvqtSXYAABLjI.jpg-small. Do you recognize it?

Have you reset your modem and/or router?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Posted 23 October 2016 - 09:16 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#5 Oh My!

Posted 25 October 2016 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
