InprocServer32: COM Object hijacking Remote Administration Tool


  • This topic is locked
9 replies to this topic

#1 Cli7nt

Cli7nt

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Location:Los Angeles
  • Local time:07:33 AM

Posted 17 January 2017 - 06:52 PM

I have spent months trying to clean my laptop. I have reinstalled over 50 times; every time I reinstall, the viruses come right back. 13 infections. They were as follows: Gen.Variant.Strictor (multiples), Gen.Variant.Graftor (multiples) and Gen.Variant.Symmi (multiples). I run the Bitdefender rescue CD right after an install and they are already detected, and it seems to delete them, but my PC is still connected, sending and receiving files who knows where? WdBoot.sys and gdelam.sys are located at C:\Windows\ELAMBKUP, which might be how my boot is screwed?? I can't get Windows 10 Updates to install either. When I run the install from the command prompt, it says I have Windows PE installed.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by clintcrisher (administrator) on PC-CR75H3R (17-01-2017 12:18:21)
Running from C:\Users\clintcrisher\Downloads
Loaded Profiles: clintcrisher (Available Profiles: defaultuser0 & clintcrisher)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8852512 2016-09-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1471512 2016-09-07] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKU\S-1-5-21-1395095057-1926556277-271400916-1001\...\Run: [OneDrive] => "C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-1395095057-1926556277-271400916-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1395095057-1926556277-271400916-1001\...\MountPoints2: {2b254d5a-dc67-11e6-96b0-806e6f6e6963} - "D:\setup.exe" 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncShell.dll -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{364d1edd-674c-421b-be7f-8c262780056c}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{364d1edd-674c-421b-be7f-8c262780056c}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1395095057-1926556277-271400916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-17] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [4950632 2016-10-05] (G DATA Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [984904 2016-09-14] (G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3044496 2016-09-26] (G Data Software AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272904 2016-09-29] (Comodo)
R2 GDBackupSvc; C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe [4072264 2016-09-30] (G DATA Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3286120 2016-09-14] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [822600 2016-09-26] (G DATA Software AG)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-06-07] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [323344 2016-09-07] (Realtek Semiconductor)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2016-06-14] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [180808 2017-01-16] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2016-04-21] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [37400 2017-01-16] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [30280 2017-01-16] (G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [274400 2017-01-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [105544 2017-01-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [77384 2017-01-16] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [116296 2017-01-16] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [153160 2017-01-16] (G Data Software AG)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [412400 2015-08-05] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57032 2015-06-11] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\1394ohci.sys A7901875F89D011C38CF52C98ACF5B29
C:\Windows\System32\drivers\3ware.sys EE1CCC54F75C24727A218F98FC5349DA
C:\Windows\System32\drivers\ACPI.sys 73C73E1AA0D4D727A04AAAB120B7F56A
C:\Windows\System32\drivers\AcpiDev.sys 0935496EF9624B46B935CB35ECE1F205
C:\Windows\System32\Drivers\acpiex.sys D6794C31F4077B71433988787BAA926E
C:\Windows\System32\drivers\acpipagr.sys FE5F656D6B35089DA39112E74EC6A85A
C:\Windows\System32\drivers\acpipmi.sys 2F242941E4DFF69B883D77A16F039557
C:\Windows\System32\drivers\acpitime.sys C247E35A21682DA8D0DC3AF9F025FCC5
C:\Windows\System32\drivers\ADP80XX.SYS 49B9DB97AFC85DCCBDACDAB2E90085B7
C:\Windows\system32\drivers\afd.sys 983266DA83FFF73DBDDD3730A4712228
C:\Windows\System32\DRIVERS\ahcache.sys E44DB3F7225EC3E119560738B3619972
C:\Windows\System32\drivers\amdk8.sys DF21E05E41E5AC3F13F304D91457649A
C:\Windows\System32\drivers\amdppm.sys 45D0AA4BB90B821DF92E8F19ABED0C5E
C:\Windows\System32\drivers\amdsata.sys 74FFBC43B4B899C9A8CA06A892F2CE73
C:\Windows\System32\drivers\amdsbs.sys AAB0F1D8D7E54761ABAB13AF161F1680
C:\Windows\System32\drivers\amdxata.sys F91BAAC4237C40352A807000F3B716F9
C:\Windows\System32\drivers\appid.sys BC121C099C6C659126AD2102AFDFF8CF
C:\Windows\System32\drivers\applockerfltr.sys 68190E2BADF23BD782344970E5B5DE9E
C:\Windows\System32\drivers\arcsas.sys E6AB1F0B4C3D4E0D2A88332D76FECD03
C:\Windows\System32\drivers\asyncmac.sys 61C5A480C43E7E8E49C42869F49D0D3E
C:\Windows\System32\drivers\atapi.sys A10F989A812B57B9695F6C305907C9C6
C:\Windows\System32\drivers\bxvbda.sys 61BAC67048CA5C1D08C48FCC8012B613
C:\Windows\System32\drivers\BasicDisplay.sys 68F72B05EBC6D1779C0D60A147C7CA0B
C:\Windows\System32\drivers\BasicRender.sys 23156E7EDAF613D839E2839746B168D3
C:\Windows\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810
C:\Windows\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393
C:\Windows\System32\Drivers\Beep.sys 0A508274355745EEF01C6BE3198D02C4
C:\Windows\System32\DRIVERS\bowser.sys EEBFAEB4702E1049ECD44B10485E6C0C
C:\Windows\System32\drivers\BthAvrcpTg.sys 722036C26D2C4E50EC2A2EC5FD678846
C:\Windows\System32\drivers\bthhfenum.sys C2E31BE025D46D189E38DD1EDF07837A
C:\Windows\System32\drivers\BthHFHid.sys F7CD605FC0B0B22F3F6F247595E3A655
C:\Windows\System32\drivers\bthmodem.sys 535DC41A33630AE4C262406F9E981C03
C:\Windows\System32\drivers\buttonconverter.sys 23F9EF739F685E07482116425E7879AA
C:\Windows\System32\drivers\capimg.sys 4C61113687EB66035A70A55EE9B7DB4A
C:\Windows\System32\DRIVERS\cdfs.sys F8FB51B9EF6372610E9B31A1D86B62FC
C:\Windows\System32\drivers\cdrom.sys 613D0137C269187FA298A157E3D14A18
C:\Windows\System32\drivers\cht4sx64.sys 0AED948DA8D5F08B3D6F12E4E2089736
C:\Windows\System32\drivers\cht4vx64.sys 0002A0FDE087C1657AB31CE73077539C
C:\Windows\System32\drivers\circlass.sys 6B4F90A287D75CCD78694F6790C911B2
C:\Windows\System32\drivers\CLFS.sys 09D0B94D3A06EFD1EB70189EC4B26DF7
C:\Windows\System32\drivers\registry.sys EEC3A4A98AE1A337E3CD1483AD6F2E15
C:\Windows\System32\drivers\CmBatt.sys 429623E266EF067A44E8CF148E9DFB9B
C:\Windows\System32\Drivers\cng.sys D0438FBD80ECEF7591575AA9E7186E93
C:\Windows\System32\DRIVERS\cnghwassist.sys 3DB10C59405931E2C72EFB82C1AF97D1
C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 34C935AF2A414572B412B3556586D783
C:\Windows\System32\drivers\condrv.sys 44EEEB2382F566999287E13F2067693C
C:\Windows\System32\drivers\dam.sys 42F254BA851371E2F5351E59E391751B
C:\Windows\System32\drivers\DellRbtn.sys 2F5EB7375FC3D9DBB81BDFFE2BCCB9D0
C:\Windows\System32\Drivers\dfsc.sys 7EAFDEF51136E8F2452CEBD8D084F108
C:\Windows\System32\drivers\disk.sys 35B9D46560339A5A7F0CAC6ED702C817
C:\Windows\System32\drivers\dmvsc.sys 815F45161A4571C2C44491564F3D5968
C:\Windows\system32\DRIVERS\drmkaud.sys AE6BD4C879A8C849E53947C92DF3B3A0
C:\Windows\System32\drivers\dxgkrnl.sys E28103485F82F30AFC5DE1CEDF4AF295
C:\Windows\System32\drivers\evbda.sys 7EC6FC0266D74BD47ABB130A328B70EC
C:\Windows\System32\drivers\EhStorClass.sys 8D74B8B5D6F7C5BC4C525BAF2B083FF1
C:\Windows\System32\drivers\EhStorTcgDrv.sys 4D49B99DCACA1FC782A94DB596246504
C:\Windows\System32\drivers\errdev.sys 77B60DEC7DCB4233E4A69D3F52E5DB24
C:\Windows\System32\Drivers\exfat.sys FCD2C63754C2E739A8EEAD9BC63F9DDC
C:\Windows\System32\Drivers\fastfat.sys C077AA74EDDAF69985EB27597BCB342A
C:\Windows\System32\drivers\fdc.sys 99598ECA5E41996E005D5B9D9FF1EFA2
C:\Windows\System32\drivers\filecrypt.sys F44F666B0EACC3181544FFCF8CA0FFC7
C:\Windows\System32\drivers\fileinfo.sys 78A210DDFDF2C9EC884631D2DAA573F0
C:\Windows\System32\drivers\filetrace.sys 1A97DB5E701A186989F3795223C3BE39
C:\Windows\System32\drivers\flpydisk.sys 46626665F0E5906E45619B4EFD6186B8
C:\Windows\System32\drivers\fltmgr.sys FDA72ACA14D516D18C33AFCD0FD9260F
C:\Windows\System32\drivers\FsDepends.sys D152CCBFC8251670BF0AAFE00D6BC782
C:\Windows\System32\Drivers\Fs_Rec.sys 6D6BB5C7363CD35FA715E826F3D029EE
C:\Windows\System32\DRIVERS\fvevol.sys B719EAA1EC93586955B013BD7DD61356
C:\Windows\System32\drivers\GDBehave.sys 3F24DCB0037A0121C220CB8EAF9A340D
C:\Windows\System32\DRIVERS\GDElam.sys 1314062567B9ED86BFFDE5D8C48C52AE
C:\Windows\system32\drivers\GDKBB64.sys DD7D5196EB9C4321EA57B668AF873840
C:\Windows\system32\drivers\GDKBFlt64.sys 4A9000A1B02C394CD2C5E6450A04002D
C:\Windows\system32\drivers\MiniIcpt.sys EE1927F18C9298D96A47017272D591E8
C:\Windows\system32\drivers\PktIcpt.sys DC5200C3055D6EB5355F8975FB38E9EE
C:\Windows\System32\drivers\gdwfpcd64.sys 4E294DB229885177DA056A3471476A19
C:\Windows\System32\drivers\vmgencounter.sys EF78034773CE506323655A868C949144
C:\Windows\System32\drivers\genericusbfn.sys B55FEBC6A00DAA1FE074F020B6907516
C:\Windows\System32\Drivers\msgpioclx.sys DDD8A8CDDC7F13EF57D1DAAE71865936
C:\Windows\System32\drivers\gpuenergydrv.sys 7ACD8F69B5D6EC97E6D2C006E19BED88
C:\Windows\system32\drivers\GRD.sys 6809BA27F97EAFC5C30F743E30DE1DB6
C:\Windows\system32\DRIVERS\HdAudio.sys 217230B984AB2954E2FA5E36578D7B08
C:\Windows\System32\drivers\HDAudBus.sys 10E3515FE5DBA6656FA62C29342EC4A1
C:\Windows\System32\drivers\HidBatt.sys B90D284B97CD4CA9DE7430AAAD887A56
C:\Windows\System32\drivers\hidbth.sys B2FE11643CC6ACDEE6C247DD36018FDB
C:\Windows\System32\drivers\hidi2c.sys D24355488A2D4D2323518EC1AC7A6D9E
C:\Windows\System32\drivers\hidinterrupt.sys 0AF9ABBA4F3F55C6C803890D64BC3C29
C:\Windows\System32\drivers\hidir.sys CDBCF8E9AB06D88A1E1191D32F320C5D
C:\Windows\System32\drivers\hidusb.sys 2B7002EEACFC2687788A34ADB204293D
C:\Windows\system32\drivers\HookCentre.sys FEDBFAFC5BAD0AE52ADE4DF75DBFF69F
C:\Windows\System32\drivers\HpSAMD.sys F5CA18197B4646E04DB9EB2D6642CC4D
C:\Windows\System32\drivers\HTTP.sys 65E358D604267CBAACB74A2598BBE22B
C:\Windows\System32\drivers\hvservice.sys 3756E15BB86689412775DF22A442FC46
C:\Windows\System32\drivers\hwpolicy.sys 771EDDA9830A3079F996F34D681FB6E5
C:\Windows\System32\drivers\hyperkbd.sys 3B9F315E7FA72CC25228EB097DD9C694
C:\Windows\System32\drivers\i8042prt.sys B54B30992620C97230013A74461C8517
C:\Windows\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F
C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys 5A0E850F8CD17791A3E6A3CF81D0CA28
C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 7508F1096803385D6376BFD0BD473AC4
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaStorAV.sys 97E553D03219D3D51705C7235D9EAEBD
C:\Windows\System32\drivers\iaStorV.sys 8350FE3BCDE3428BC040877BB7E9EAEB
C:\Windows\System32\drivers\ibbus.sys 3BA03F7C7700DDF4C383DDE9252F5817
C:\Windows\system32\DRIVERS\igdkmd64.sys BBF77C6837F5FF37796D5841A03173CB
C:\Windows\System32\drivers\IndirectKmd.sys 2A01C96DF5802D3434634E55C91232D8
C:\Windows\system32\drivers\RTKVHD64.sys D02C1FD2E9469B5FCE544729CC753401
C:\Windows\system32\DRIVERS\IntcDAud.sys E300D1E37B737ED14F7A08CD5604E5D9
C:\Windows\System32\drivers\intelide.sys 9F7E87F6595D065A8A200A291043045E
C:\Windows\System32\drivers\intelpep.sys A6BD2E20AE1BC5CB2776C87C28E4F4CA
C:\Windows\System32\drivers\intelppm.sys 2A48DA39542636DB0FA3BA915385D1B3
C:\Windows\System32\drivers\iorate.sys 4A922CAB4AB5F29F1BECC9D95B4B7F05
C:\Windows\System32\DRIVERS\ipfltdrv.sys FE85D0A86CA7A5A99CF8CD04DE7F80AE
C:\Windows\System32\drivers\IPMIDrv.sys 450DBDD716C7911F83E05F78EE18BFA2
C:\Windows\System32\drivers\ipnat.sys F1DAECC3B3D6399875D4F10529D6A77C
C:\Windows\system32\drivers\irda.sys 7475A2903BB704B446AA6309E34D3362
C:\Windows\System32\drivers\irenum.sys 9725E7F0C64CE9916A5CDABE8D6E13C3
C:\Windows\System32\drivers\isapnp.sys 58040898883A96160D41739C80328BBF
C:\Windows\System32\drivers\msiscsi.sys C9FD02D62E09337B67B0C61EC8CA38CC
C:\Windows\System32\drivers\kbdclass.sys 210808437570BDDEE71A43535E3A2D30
C:\Windows\System32\drivers\kbdhid.sys 2D05785B0C58D90A34EA15032EADBBA9
C:\Windows\System32\drivers\kdnic.sys 813BA3EB2CE038F2A5382DDD75CAD60B
C:\Windows\System32\Drivers\ksecdd.sys 9FA1B5D84F596F0664F0465F302044DC
C:\Windows\System32\Drivers\ksecpkg.sys ECC7F3CDF34AAA49C00504466FC2B698
C:\Windows\system32\drivers\ksthunk.sys 4ED115CD1A1099705F56B5E0FFF97CC6
C:\Windows\System32\drivers\lltdio.sys 5933A6673F00D8255C52957E40C2D601
C:\Windows\System32\drivers\lsi_sas.sys 8E1B0946948CCC0BC1FA3CB70374A795
C:\Windows\System32\drivers\lsi_sas2i.sys 4F68163FC04C973500DC4DA0946917B0
C:\Windows\System32\drivers\lsi_sas3i.sys E5AC5F2815938651CDCC27F425474673
C:\Windows\System32\drivers\lsi_sss.sys CCF6EC9FB9B8F18E05B4253E81013E48
C:\Windows\system32\drivers\luafv.sys C9579D32219E5B936AC3A48D470117EC
C:\Windows\System32\drivers\megasas.sys C3CDCCF07486BD2616A7B82946E07AC0
C:\Windows\System32\drivers\megasr.sys FADB2FE017E69EECE0E1BA78661C2E8C
C:\Windows\System32\drivers\TeeDriverW8x64.sys 6D1671CB2E5402F01D2F13ECF764CAA1
C:\Windows\System32\drivers\mlx4_bus.sys FD60818B66B2E8A5415EA840E99A9D8F
C:\Windows\system32\drivers\mmcss.sys 68F6977F1CFBAAC770D940A8C0326FA1
C:\Windows\System32\drivers\modem.sys D842ADDB5911945D51F61A0B1C8F36E3
C:\Windows\System32\drivers\monitor.sys 9CCCB7FC3EDADEBA461D78615A6011A6
C:\Windows\System32\drivers\mouclass.sys 27A07B2FB2E3057DA8DAEA4F25D843C7
C:\Windows\System32\drivers\mouhid.sys 7BD6E7F7C9001AB21B8362CFFEE80B25
C:\Windows\System32\drivers\mountmgr.sys F5BDAEE4B7D369D4C74668DCFBA3FF10
C:\Windows\System32\drivers\mpsdrv.sys 30844BD376F9D01E62C820BEF446F1F8
C:\Windows\system32\drivers\mrxdav.sys 50C2389CD04C5B8632E3DC2D733EF15D
C:\Windows\System32\DRIVERS\mrxsmb.sys C9BB4E2FCAB693FEB00CF940060D94F4
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6C83C4A8278E48455DA13E554CEB45F1
C:\Windows\System32\drivers\bridge.sys 74C9D21523DAE0C18F413C196DF0058A
C:\Windows\System32\Drivers\Msfs.sys F01B849D9D4A8CEAF32D4FDBD0B83C92
C:\Windows\System32\drivers\msgpiowin32.sys 22ECD8F5D1DFADF2011BBB1700CB871D
C:\Windows\System32\drivers\mshidkmdf.sys FD870F6968A145E4D2BA8A8842686B03
C:\Windows\System32\drivers\mshidumdf.sys 30364757963A028CE5DF0FBAAC270173
C:\Windows\System32\drivers\msisadrv.sys 6BB0FEDDAE7135FA37FFAFF4D9E0E876
C:\Windows\system32\DRIVERS\MSKSSRV.sys 13D614E6B51ECF36746C48CE829FA7F6
C:\Windows\System32\drivers\mslldp.sys 642CDE46351D5D2D90311E77072AB46D
C:\Windows\system32\DRIVERS\MSPCLOCK.sys F2302A5CE63CA7673200FAFCEEEDB6AF
C:\Windows\system32\DRIVERS\MSPQM.sys 6114512EA26E835BA522C63635429DB5
C:\Windows\System32\Drivers\MsRPC.sys AA538E16E644D00E3BA5349BBA9598EC
C:\Windows\System32\drivers\mssmbios.sys 0543BEFD41EC4D25C7F7CF36409CEC7D
C:\Windows\system32\DRIVERS\MSTEE.sys C1569E4DB8EFE3617847BF041A3C842F
C:\Windows\System32\drivers\MTConfig.sys 130B16970154BA9876B09E5C4BAC63BE
C:\Windows\System32\Drivers\mup.sys 15D987C8F6CCD4AC94E070C5986762CB
C:\Windows\System32\drivers\mvumis.sys 3D2C5B4995CA0751D32DEA0DE9FDFE44
C:\Windows\System32\DRIVERS\nwifi.sys DB31EBB04C871F422C36A0962DA7D38B
C:\Windows\System32\drivers\ndfltr.sys 629CB21AC49C8867E0F29DF1C16DB7B4
C:\Windows\System32\drivers\ndis.sys 36DD2C614720EC2970CB5E870BA69D8D
C:\Windows\System32\drivers\ndiscap.sys 6DD605338FAAF6BA17662AA874E0D162
C:\Windows\System32\drivers\NdisImPlatform.sys E34196F285F8B8879E1FF36C31F7179E
C:\Windows\System32\DRIVERS\ndistapi.sys 1FAD2398673F30CEC616B89C46B7DCBA
C:\Windows\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\Windows\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\Windows\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\Windows\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\Windows\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\Windows\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\Windows\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\Windows\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\Windows\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys D1AF837A1555990602A51A3ED238EC80
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\Windows\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\Windows\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\Windows\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\System32\drivers\partmgr.sys F9C32E5ECA5D29852A93C3888A4CC4B2
C:\Windows\System32\drivers\pci.sys 55E45E0A89429AE9C62D728B9C4891C0
C:\Windows\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\Windows\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\Windows\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\Windows\System32\drivers\pdc.sys 2CCD68D8A6BBFF2DE0EC54F086C5F3BC
C:\Windows\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\Windows\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\Windows\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\Windows\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\Windows\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\Windows\System32\drivers\pacer.sys FC98407B85A31161851FDE245517574F
C:\Windows\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\Windows\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\Windows\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\Windows\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\Windows\System32\DRIVERS\raspppoe.sys 9387DF155233D45D4E010F4F2FB52A57
C:\Windows\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\Windows\System32\DRIVERS\rdbss.sys BBE0FC9C9E7C556DA6E6E6904739DF7E
C:\Windows\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\Windows\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\Windows\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\Windows\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\Windows\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\Windows\System32\drivers\rt640x64.sys F9265C902BB9146C6BFF97BDF35C04DE
C:\Windows\system32\Drivers\RtsUer.sys 844CAE66082D38051339CB6C15BCDBB6
C:\Windows\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\Windows\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\Windows\System32\drivers\scmbus.sys 9055ADDFBA4C8B914C914CE693B55C0A
C:\Windows\System32\drivers\scmdisk0101.sys B6F2363584E62960846F7C3F00124A4F
C:\Windows\System32\drivers\sdbus.sys FCBB8A17B4437B2CA8CC8DA8CB1D306E
C:\Windows\System32\drivers\sdstor.sys 120DFCB71D6C502613A9E2D50E16850C
C:\Windows\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\Windows\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\Windows\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\Windows\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\Windows\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\Windows\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-17 12:18 - 2017-01-17 12:19 - 00035573 _____ C:\Users\clintcrisher\Downloads\FRST.txt
2017-01-17 12:18 - 2017-01-17 12:18 - 00000000 ____D C:\FRST
2017-01-17 12:17 - 2017-01-17 12:17 - 02419200 _____ (Farbar) C:\Users\clintcrisher\Downloads\FRST64.exe
2017-01-17 03:29 - 2017-01-17 03:29 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-17 03:03 - 2017-01-17 03:03 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\vlc
2017-01-17 03:02 - 2017-01-17 03:02 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-01-17 03:01 - 2017-01-17 03:02 - 30533688 _____ C:\Users\clintcrisher\Downloads\vlc-2.2.4-win32.exe
2017-01-17 02:53 - 2017-01-17 02:53 - 01381582 _____ (Igor Pavlov) C:\Users\clintcrisher\Downloads\7z1604-x64.exe
2017-01-17 02:53 - 2017-01-17 02:53 - 00000000 ____D C:\Program Files\7-Zip
2017-01-17 02:12 - 2017-01-17 11:00 - 00000000 __SHD C:\Users\clintcrisher\IntelGraphicsProfiles
2017-01-17 01:53 - 2017-01-17 01:53 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\LockHunter
2017-01-17 01:53 - 2017-01-17 01:53 - 00000000 ____D C:\Program Files\LockHunter
2017-01-17 01:46 - 2017-01-17 11:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-17 01:46 - 2017-01-17 01:46 - 00001809 _____ C:\Users\clintcrisher\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-01-17 01:46 - 2017-01-17 01:46 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\SUPERAntiSpyware.com
2017-01-17 01:46 - 2017-01-17 01:46 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-17 01:30 - 2017-01-17 01:30 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\Macromedia
2017-01-17 01:29 - 2017-01-17 01:29 - 00000000 ____D C:\Users\clintcrisher\AppData\Roaming\Adobe
2017-01-17 00:52 - 2017-01-17 01:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-17 00:52 - 2017-01-17 00:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-17 00:38 - 2017-01-17 00:38 - 00000000 ____D C:\Windows\system32\RTCOM
2017-01-17 00:38 - 2017-01-17 00:38 - 00000000 ____D C:\Program Files\Waves
2017-01-17 00:38 - 2017-01-17 00:38 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-01-17 00:37 - 2017-01-17 00:37 - 00003218 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2017-01-17 00:37 - 2017-01-17 00:37 - 00000000 ____D C:\Windows\system32\SRSLabs
2017-01-17 00:36 - 2017-01-17 00:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-01-17 00:36 - 2017-01-17 00:36 - 00000000 ____D C:\Program Files\Realtek
2017-01-17 00:35 - 2017-01-17 12:14 - 00001606 _____ C:\Users\clintcrisher\Desktop\dragon.exe - Shortcut.lnk
2017-01-16 22:54 - 2017-01-16 22:54 - 00028208 _____ (G DATA Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2017-01-16 21:13 - 2017-01-16 21:13 - 00116296 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2017-01-16 21:03 - 2017-01-16 21:03 - 00037400 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBB64.sys
2017-01-16 21:03 - 2017-01-16 21:03 - 00030280 _____ (G DATA Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2017-01-16 21:03 - 2017-01-16 21:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2017-01-16 21:03 - 2017-01-16 21:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_GDKBB64_01007.Wdf
2017-01-16 21:02 - 2017-01-16 21:02 - 00105544 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2017-01-16 21:02 - 2017-01-16 21:02 - 00077384 _____ (G DATA Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2017-01-16 21:01 - 2017-01-16 21:04 - 00153160 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2017-01-16 21:01 - 2017-01-16 21:01 - 00274400 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2017-01-16 21:01 - 2017-01-16 21:01 - 00180808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2017-01-16 20:59 - 2017-01-16 20:59 - 00000000 ____D C:\Program Files (x86)\G DATA
2017-01-16 20:37 - 2017-01-16 20:37 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-01-16 20:37 - 2017-01-16 20:37 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-01-16 20:37 - 2017-01-16 20:37 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-01-16 20:31 - 2017-01-17 03:14 - 00001536 _____ C:\Users\clintcrisher\Desktop\iexplore - Shortcut.lnk
2017-01-16 20:22 - 2017-01-16 20:22 - 00000000 ____D C:\Program Files\Synaptics
2017-01-16 20:21 - 2017-01-17 11:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-16 20:21 - 2017-01-16 20:21 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-16 20:21 - 2017-01-16 20:21 - 00000000 ____D C:\Program Files\Intel
2017-01-16 20:21 - 2017-01-16 20:21 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-16 20:21 - 2017-01-16 20:21 - 00000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2017-01-16 20:21 - 2016-06-07 10:17 - 00103960 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-01-16 20:21 - 2016-06-07 10:17 - 00099864 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-01-16 20:17 - 2017-01-16 20:17 - 00003304 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-16 20:14 - 2017-01-16 23:26 - 00000000 ___RD C:\Users\clintcrisher\OneDrive
2017-01-16 20:07 - 2017-01-17 02:12 - 00000000 ____D C:\Users\clintcrisher
2017-01-16 20:07 - 2017-01-16 20:07 - 00000020 ___SH C:\Users\clintcrisher\ntuser.ini
2017-01-16 19:58 - 2017-01-17 11:04 - 00933748 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-16 19:56 - 2016-07-16 03:41 - 02716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-01-16 19:45 - 2017-01-17 10:59 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-16 19:44 - 2017-01-17 10:59 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-16 19:44 - 2017-01-17 03:30 - 00332264 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-16 19:44 - 2017-01-16 19:44 - 00000000 ____D C:\Windows\ServiceProfiles
2017-01-16 19:43 - 2017-01-16 19:51 - 00000000 ____D C:\Windows\Panther
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-17 12:16 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-17 03:29 - 2016-07-15 22:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-01-17 03:04 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\appcompat
2017-01-17 01:07 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-01-17 00:52 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-16 23:02 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-16 23:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-16 22:51 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\NDF
2017-01-16 21:05 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\spool
2017-01-16 21:05 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\setup
2017-01-16 21:05 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-16 21:01 - 2016-07-16 03:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-16 20:30 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\rescache
2017-01-16 20:07 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2017-01-16 19:49 - 2016-07-15 22:04 - 00000000 ____D C:\Windows\system32\Sysprep
2017-01-16 19:47 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-01-16 19:47 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\MiracastView
2017-01-16 19:47 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-16 19:46 - 2016-07-15 22:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-01-16 19:43 - 2016-07-16 03:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {173fa4c3-dc67-11e6-8e71-b86b817b81f4}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 60
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {173fa4c5-dc67-11e6-8e71-b86b817b81f4}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {173fa4c3-dc67-11e6-8e71-b86b817b81f4}
nx                      OptOut
bootmenupolicy          Standard
 
Windows Boot Loader
-------------------
identifier              {173fa4c5-dc67-11e6-8e71-b86b817b81f4}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{173fa4c6-dc67-11e6-8e71-b86b817b81f4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{173fa4c6-dc67-11e6-8e71-b86b817b81f4}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {173fa4c3-dc67-11e6-8e71-b86b817b81f4}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {173fa4c5-dc67-11e6-8e71-b86b817b81f4}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {173fa4c6-dc67-11e6-8e71-b86b817b81f4}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2017-01-16 19:44
 
==================== End of FRST.txt ============================


Music Is The Reason,

Clint Crisher
Los Angeles, CA


 


#2 Cli7nt

Cli7nt
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:07:33 AM

Posted 18 January 2017 - 02:29 AM

I ran DDS for more info to help figure out what's going on.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.14393.0
Run by clintcrisher at 22:53:07 on 2017-01-17
Microsoft Windows 10 Home  10.0.14393.0.1252.1.1033.18.4006.2204 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\sihost.exe
C:\Windows\system32\taskhostw.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uLocal Page = %11%\blank.htm
uProxyOverride = <local>
uRun: [OneDrive] "C:\Users\clintcrisher\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{364d1edd-674c-421b-be7f-8c262780056c} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{364d1edd-674c-421b-be7f-8c262780056c} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - 
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - 
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - 
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - 
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - 
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - 
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_MAXX6] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6
x64-Run: [WavesSvc] "c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - 
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2017-1-16 180808]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\Windows\System32\drivers\iorate.sys [2016-7-16 45920]
R0 volume;Volume driver;C:\Windows\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2016-7-16 198496]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2016-7-16 227328]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2017-1-16 274400]
R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2017-1-16 77384]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2017-1-16 116296]
R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2017-1-16 153160]
R2 AVKProxy;G DATA ANTIVIRUS Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2016-10-5 4950632]
R2 CDPUserSvc_21f95;CDPUserSvc_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\Windows\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 OneSyncSvc_21f95;Sync Host_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\Windows\System32\drivers\wcifs.sys [2016-7-16 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\Windows\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\drivers\DellRbtn.sys [2015-5-8 19440]
R3 GDKBB;G Data GDKBB Driver;C:\Windows\System32\drivers\GDKBB64.sys [2017-1-16 37400]
R3 GDKBFlt;G Data GDKBFlt Driver;C:\Windows\System32\drivers\GDKBFlt64.sys [2017-1-16 30280]
R3 GDScan;G DATA Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2016-9-26 822600]
R3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 rt640x64;Realtek RT640 NT Driver;C:\Windows\System32\drivers\rt640x64.sys [2016-7-16 589824]
R3 SynRMIHID;Synaptics HID Service;C:\Windows\System32\drivers\SynRMIHID.sys [2015-6-11 57032]
R3 TimeBrokerSvc;Time Broker;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S0 GDElam;GDElam;C:\Windows\System32\drivers\gdelam.sys [2016-4-21 117904]
S2 AVKService;G DATA Scheduler;"C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe" --> C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [?]
S2 AVKWCtl;G DATA file system monitor;"C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe" --> C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [?]
S2 CDPSvc;Connected Devices Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 GDBackupSvc;G DATA Backup Service;"C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe" --> C:\Program Files (x86)\G DATA\InternetSecurity\AVKBackup\AVKBackupService.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 RtkAudioService;Realtek Audio Service;"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" --> C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [?]
S2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S2 WavesSysSvc;Waves Audio Services;c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe --> c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [?]
S3 AcpiDev;ACPI Devices driver;C:\Windows\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\Windows\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2016-7-16 117248]
S3 cht4iscsi;cht4iscsi;C:\Windows\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\Windows\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\Windows\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 GDFwSvc;G DATA Personal Firewall;"C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe" --> C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [?]
S3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2017-1-16 105544]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel® Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel® Serial IO GPIO Driver v2;C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel® Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\Windows\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2017-1-17 250816]
S3 MessagingService_21f95;MessagingService_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\Windows\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 PimIndexMaintenanceSvc_21f95;Contact Data_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 RTSUER;Realtek USB Card Reader - UER;C:\Windows\System32\drivers\RtsUer.sys [2015-8-5 412400]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\Windows\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\Windows\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2016-7-16 1312768]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2016-7-16 82784]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\Windows\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UnistoreSvc_21f95;User Data Storage_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 UserDataSvc_21f95;User Data Access_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 USR_Find_Handle;USR_Find_Handle;C:\Program Files\LockHunter\USRFindHandle64.sys [2017-1-17 14936]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\Windows\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2016-7-16 719360]
S3 WdNisDrv;WdNisDrv;C:\Windows\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;WdNisSvc;"C:\Program Files\Windows Defender\NisSrv.exe" --> C:\Program Files\Windows Defender\NisSrv.exe [?]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 WpnUserService_21f95;Windows Push Notifications User Service_21f95;C:\Windows\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2016-7-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2016-7-16 43520]
S4 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S4 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2017-1-17 3699904]
S4 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2016-9-29 2272904]
S4 HvHost;HV Host Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S4 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S4 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S4 shpamsvc;Shared PC Account Manager;C:\Windows\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S4 vmicvmsession;Hyper-V PowerShell Direct Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
.
=============== Created Last 30 ================
.
2017-01-18 06:19:41 -------- d-----w- C:\Users\clintcrisher\AppData\Local\Comodo
2017-01-18 06:19:40 -------- d-----w- C:\Users\clintcrisher\AppData\Local\Chromium
2017-01-18 06:18:54 -------- d-sh--w- C:\$RECYCLE.BIN
2017-01-18 06:14:40 407552 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_0x50000011_8e63392c416a62183fa77daecd05df8af608f8a_00000000_cab_03a85a45\msadox.dll
2017-01-18 06:14:38 1225728 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_0x50000011_a6cc5958cade59fb3c1972f379f694905c5c707c_00000000_cab_03a852f2\msado15.dll
2017-01-18 06:13:54 -------- d-sh--w- C:\found.000
2017-01-18 06:00:51 24800 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2017-01-18 04:39:52 -------- d-----w- C:\ProgramData\USOShared
2017-01-18 04:39:52 -------- d-----w- C:\ProgramData\USOPrivate
2017-01-18 04:35:54 -------- d-----w- C:\Users\clintcrisher\AppData\Local\MicrosoftEdge
2017-01-18 04:35:26 -------- d-----w- C:\Users\clintcrisher\AppData\Local\ElevatedDiagnostics
2017-01-18 04:33:50 -------- d-----w- C:\Users\clintcrisher\AppData\Local\VirtualStore
2017-01-18 04:33:49 -------- d-----w- C:\Users\clintcrisher\AppData\Local\Packages
2017-01-18 04:32:17 -------- d-----w- C:\Users\clintcrisher\AppData\Local\Microsoft
2017-01-18 04:32:17 -------- d-----w- C:\Users\clintcrisher\AppData\Local\ConnectedDevicesPlatform
2017-01-18 04:32:17 -------- d-----w- C:\Users\clintcrisher\AppData
2017-01-18 04:31:54 -------- d-----w- C:\ProgramData\G Data
2017-01-18 04:31:52 -------- d-----w- C:\ProgramData
2017-01-18 01:05:22 -------- d---a-w- C:\Program Files (x86)\Common Files\PKWARE
2017-01-18 00:24:58 250816 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-01-17 20:18:13 -------- d-----w- C:\FRST
2017-01-17 09:53:10 -------- d---a-w- C:\Program Files\LockHunter
2017-01-17 08:38:45 -------- d-----w- C:\Windows\System32\RTCOM
2017-01-17 08:37:01 -------- d-----w- C:\Windows\System32\SRSLabs
2017-01-17 08:36:56 -------- d-----w- C:\Windows\SysWow64\RTCOM
2017-01-17 06:54:40 28208 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys
2017-01-17 05:13:08 116296 ----a-w- C:\Windows\System32\drivers\GRD.sys
2017-01-17 05:03:22 37400 ----a-w- C:\Windows\System32\drivers\GDKBB64.sys
2017-01-17 05:03:19 30280 ----a-w- C:\Windows\System32\drivers\GDKBFlt64.sys
2017-01-17 05:02:54 77384 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2017-01-17 05:02:01 105544 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2017-01-17 05:01:54 274400 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2017-01-17 05:01:54 180808 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2017-01-17 05:01:54 153160 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2017-01-17 04:58:50 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2017-01-17 04:37:31 -------- d-----w- C:\Program Files (x86)\Comodo
2017-01-17 04:37:09 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2017-01-17 04:37:09 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2017-01-17 04:21:49 99864 ----a-w- C:\Windows\System32\OpenCL.DLL
2017-01-17 04:21:49 103960 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2017-01-17 04:21:33 200 ----a-w- C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-01-17 04:21:33 180 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-17 04:21:32 0 ----a-w- C:\Windows\System32\GfxValDisplayLog.bin
2017-01-17 04:21:15 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2017-01-17 04:14:14 -------- d-----r- C:\Users\clintcrisher\OneDrive
2017-01-17 04:08:28 -------- d-----r- C:\Users\clintcrisher\Contacts
2017-01-17 04:07:42 -------- d-----r- C:\Users\clintcrisher\Videos
2017-01-17 04:07:42 -------- d-----r- C:\Users\clintcrisher\Pictures
2017-01-17 04:07:42 -------- d-----r- C:\Users\clintcrisher\Music
2017-01-17 04:07:42 -------- d-----r- C:\Users\clintcrisher\Downloads
2017-01-17 04:07:42 -------- d-----r- C:\Users\clintcrisher\Documents
2017-01-17 03:58:52 -------- d-----w- C:\Windows\System32\wbem\Performance
2017-01-17 03:56:59 2716672 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2017-01-17 03:54:52 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2017-01-17 03:54:52 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2017-01-17 03:54:35 -------- d-sh--w- C:\Recovery
2017-01-17 03:45:57 -------- d-----w- C:\Windows\System32\wbem\MOF
2017-01-17 03:44:23 -------- d-----w- C:\Windows\ServiceProfiles
2017-01-17 03:44:22 -------- d-----w- C:\Windows\System32\SleepStudy
2017-01-17 03:44:20 -------- d-s---w- C:\Windows\System32\Microsoft
2017-01-17 03:43:34 -------- d-----w- C:\Windows\Panther
2016-12-28 11:39:40 395464 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-12-28 11:37:04 209096 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-12-28 11:32:26 29376 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-12-28 04:07:38 1274456 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll

Music Is The Reason,

Clint Crisher
Los Angeles, CA

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,731 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:33 AM

Posted 22 January 2017 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/637664 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Cli7nt

  • Topic Starter

Posted 24 January 2017 - 05:55 AM

The threat is running on my 64-bit version of Windows 10, and it relies on HTTPS and RSA encryption to communicate with its command and control (C&C) server. Known as COMpfun, it injects itself into running processes by hijacking legitimate COM objects.
Each object has a unique CLSID, and these IDs are already assigned to two Microsoft libraries that are used by several applications, including my browser; by defining objects with the same CLSIDs, the originals are replaced with the new ones.

Attached Files


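The hijack described in the post above works because COM activation resolves a CLSID through HKCU\Software\Classes\CLSID before HKLM\Software\Classes\CLSID: a per-user InprocServer32 value that reuses the CLSID of a system library is loaded into every process that activates that object, and writing it needs no administrator rights. The PowerShell below is an added example, not code from the post, from FRST or from any tool named in this thread. It walks the current user's CLSID keys (64-bit and WOW6432Node views), reports entries that either exist only in HKCU or point somewhere different from the HKLM entry for the same CLSID, and checks the Authenticode status of the DLL. The function names, the reason labels and the output columns are this example's own; it assumes Windows PowerShell 5 or later, run as the affected user.

```powershell
# Added example (not from the thread): find per-user COM servers that shadow
# machine-wide ones. COM looks up HKCU\Software\Classes\CLSID\{clsid}\InprocServer32
# before the HKLM copy, so a user-writable entry wins over the system library.

function Get-DefaultValue {
    # Returns the key's (default) value with quotes stripped and %VAR% expanded,
    # or $null when the key has no default value.
    param([string]$KeyPath)
    $raw = (Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue).'(default)'
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim().Trim('"'))
}

function Get-ComHijackCandidates {
    [CmdletBinding()]
    param(
        # 64-bit and 32-bit (WOW6432Node) views of the current user's CLSID keys.
        [string[]]$UserRoots = @(
            'HKCU:\Software\Classes\CLSID',
            'HKCU:\Software\Classes\WOW6432Node\CLSID'
        )
    )

    foreach ($userRoot in $UserRoots) {
        if (-not (Test-Path -LiteralPath $userRoot)) { continue }
        # The machine-wide root is the same relative path under HKLM.
        $machineRoot = $userRoot -replace '^HKCU:', 'HKLM:'

        foreach ($clsidKey in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
            $clsid   = $clsidKey.PSChildName
            $userSub = Join-Path $clsidKey.PSPath 'InprocServer32'
            if (-not (Test-Path -LiteralPath $userSub)) { continue }

            $userDll    = Get-DefaultValue -KeyPath $userSub
            $machineSub = Join-Path $machineRoot "$clsid\InprocServer32"
            $machineDll = if (Test-Path -LiteralPath $machineSub) {
                Get-DefaultValue -KeyPath $machineSub
            } else { $null }

            # A CLSID known only to the user hive can be a legitimate per-user install;
            # a user entry that differs from the HKLM entry for the same CLSID is the
            # hijack pattern. Identical paths are benign duplication and are skipped.
            # (Path comparison with -ne is case-insensitive in PowerShell.)
            $reason = if (-not $machineDll) { 'registered in HKCU only' }
                      elseif ($userDll -and ($userDll -ne $machineDll)) { 'shadows HKLM InprocServer32' }
                      else { $null }
            if (-not $reason) { continue }

            $sigStatus = 'file missing'
            if ($userDll -and (Test-Path -LiteralPath $userDll)) {
                $sigStatus = (Get-AuthenticodeSignature -FilePath $userDll).Status
            }

            [pscustomobject]@{
                CLSID      = $clsid
                View       = if ($userRoot -match 'WOW6432Node') { '32-bit' } else { '64-bit' }
                UserDll    = $userDll
                MachineDll = $machineDll
                Reason     = $reason
                Signature  = $sigStatus
            }
        }
    }
}

# Usage: run in the affected user's session, since HKCU is that profile's hive.
# Other profiles need HKU:\<SID>\Software\Classes\CLSID (or a loaded NTUSER.DAT) instead.
Get-ComHijackCandidates |
    Sort-Object Signature, Reason |
    Format-Table -AutoSize
```

An unsigned DLL under a user-writable directory such as AppData, registered for a CLSID that HKLM already maps to a Microsoft library, is the row to look at first; a row with the same path in both hives is not a finding. Deleting the HKCU key removes the override, but the DLL and whatever wrote the key still need to be dealt with separately.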

#5 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,766 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:33 PM

Posted 26 January 2017 - 10:48 AM

Hi , :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • After completing the scan, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab .
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#6 Cli7nt

  • Topic Starter

Posted 29 January 2017 - 12:34 PM

Sorry, but I have tried several times to run MB and can't get the scan to happen. Any other options?



#7 Cli7nt

  • Topic Starter

Posted 29 January 2017 - 12:36 PM

This was in a text doc called exclusions.txt
 
00A7CF3BAAE095DBFBE458264E5AA649
02B0C359F6F66575B8EC10A7002A7EF1
034CCADC1C073E4216E9466B720F9849
03E0A0812CDD2AD7261EAF533F7761F6
03FCFBE2C8E71C60F1BC34EB91D07F99
046A78D20889A0B96B84646B2E59729F
04E69D16137C2EB4AC353BE3F9EAA1A6
0A903F975BF30F70C36315A3D92A051B
0BF90B3A9F703F23A6AD342B5BC01B26
0CD4882A36D15DAD767E9D77297289CC
0D97759E5A6ABBA62E536D9D3585F04B
0FCF9F3D9518B90FB58CC950FA33998C
12F83B690D2D67F948186A655DC22528
158DD7391F408FA1F38685F4EA237455
1628E2212724449B8ED5E4773919B139
1CDF331C2ED30014F81A6B29ECE49A7D
1D3774C99A21F023E50F78A11AEC855D
20B61524A5A8837DEEC364D03654EA75
2162D735507A707E512F5725FFB67C3B
2252290BC44BEAD16AA1BF89948472E8
23683D629CEA2FC630C790BB18FB99C0
26A414A2B7FC8AA5475CADB1189F1D02
289A45C59B6481D0ADAEBEE52C7C08E8
29D9E417ABC7FF2ACADF7111928F02E4
2EBF305C037A028D23B54E901A77FC76
2FAFB224F30F7F9C718767EDD6018240
319B1108E328EDFD5002AB4544E59F43
324255A4DEAD441DA3876C055FED22B1
3613076AC79608EF1EA26C9193597DAC
37651F52CCD3E7DFCAC9747F1F5506BA
37666EB6150CF070FA5211D523EDB2DF
37945433C7B7D743B863C54A8CB18DEE
3BC2A3CCDE0CD62B8C8E05683283A25C
3EB1530ECB70951FBF12DBFCF5B6CE3B
3F39234D73C420642275B7DC0B1E981C
4246B1662DDEE1DF479B99161C46F4FC
43DFEB90B3537EA613A1EA823091AA24
4896A40C1EB3BF77D726854E4851A086
4AA31094E87BDF320E9DDFE0AA6ECC76
4E4682F1E7A6B6846E0F99612FC41D06
4EE24C7FD67B098431C951DB7686BD19
4F9C97AD03B3CF13EB4C519CED9A12BB
50754352847B5E71E11ABF4D30407148
53560C9205CD9A362F10CDDAD91BF7BD
535C0EA5CF6FF5105F6D297FADF160E1
5396A1EF484F7102A1B708B4AC529913
55293D6D1DB05E4800F2B62407D61DD7
55ED4864C1D3F6357D9FAFCB4CA09FA8
5782294B0D5B4436EB1E2435C587FC1C
57BF209A6EE8A9512D4E1A36DFA367EB
5E1085CBCF2C80C31CC4EC059C1AC8B3
5F17AFF764132A9B74C07704E4C177A7
6013B3F1FEA8ED5FEF3194B63A486FB4
61DD816FA1B04FA5AAA5A78A287DFA8E
62700FECE4F259431CBA8250B6500C24
65133DA829359A4E4079D965D05BA5BF
65ADDEAC93565EE7C20309E591463006
681343E00D266C5F811320FCA9054370
68FCEB727572063A0336ACFB449AFBD4
6B912966E17C324FF6B37F647FFF4CF5
6FF1259AB056E29564406A4C07A47403
7316EAA172DE588080F19387813829E7
75A3E359FBBCC3F88A8775D95ACB9E26
76AA78F96108AAA7BFDA1542C5550984
76CDC6433506FAA8D0D7A95A3798C6BD
77D4C7979D0D5D82FA58E669808476C4
7B298EFA16AC68E6E9BB02C8D34B9114
826E5391047A722101D48870DE03374B
839C447BAC2FD43C2DCC2E32B7904D13
8643B277423F05B8A34775E93B8B7ABC
866141918B06220D456284430B9A6B5C
87388AD2BDA1A2B37CC7396125E4965B
8839166DCDD9F264639A0946B3D4378B
884C8A04A6B075B5E794710644A703C6
8A14C7DDFC299934ACAB1F4F8BFB8E9E
938AD48B215D52565829B7A163045D5E
9496AC83CA3496984B562932A814A237
95C8BFE19202785B2AA1A73BA014911B
97776CFD9C89D06B57BD624FFF690002
97F9399DD616DF9A2B54A05B2859DBE6
9B9A3CC9D0DBC66C129960A55256DD27
9D8274B19C6F4B3E21E12DE6E378F462
9EA1947855C8A6F1AE1CF3D2E07AF238
9F4BC88598BC55A5603137E2A9602B11
9F7A1813A801D286EC3191FD53B428B8
9FEF04A50F79295C036CF000B0366EF8
A062AB670FFBE6E69C9F6F0E574CA4A5
A53761C54221EECEA9421AECD225F9D5
A7C34601340F9ED6CB2CECA7A34B4BF2
AAA404400F755D066E74A792D221500C
ADB48BF471D66FC349D2893813FD998A
AE0C754DDE736308D29E791760B0CB6E
AFFD149999E57E41A876C47F1AC9AC87
B44C0B2AEEB3334C780A9725DC945EA6
B4688EDAB86010BD1996F0B25DFD97A9
B8C997E772BE343E1664FEE14C1FB9B7
BA87291DEA637E2F1830AFD92530DE32
BE8981EEB84FD419661C6A441568750C
BE9F5E3DC4539B71B1858AC66C81F789
BF3F290275C21BDD3951955C9C3CF32C
BFDE31D521AC2796BA2D75D1F7086F08
C0CFA6F0289AF556EF6C34E37FE61569
C2D2C87649E0315B4356B51498882B37
C6D7D3A24AFF72FE4621BA026B098FAB
C6EB5353BCA864D949FEEB50810860DF
CB3638541DCAC86EE17FA8258202E20E
D0610098E4BD2BB8BB75BCC02B9FDC6F
D3AD181D94CDEBF7FD85BF8399B22E21
D4E1305A4BD1FAD809C450DEBBD4F515
D736D938B0059F61CDABE02E7676CAA2
D79108C6128A2C93E42A77F88C2F6D16
D9BF61FE2AADDE81475F13E9819124C1
DB6754154DF5E60E19BEA04DBB6774BC
DBF5468C0630C890D344BBBC89DAC9D4
DC4417AF85AAA8008E2A07741F4CAA61
DCBB15DFBC08046AF8D10A1135FFA423
DD7B83919ED3F5C6CF4C343A79D6E7BC
E511F8508F13FA0C9F99B0C527DDF89B
E643900BB6FC3D452CAB0B9ADB28418C
E9A9367D47B9065701E7C99E4CFCB36A
EB9D5656688B51ABC5CBA1E6CA8E0CFC
EE60596A12B7FB9E69FD0D55C28BC875
F07B83D22A9F2784272C27AE4F1F50BA
F195807A46C284971D8395C61328AB7D
F4A75777861DF84C3068513358D464A1
F65BC9B3BE62DACD657C8BDB1CA14224
F675F4ED4364D11C4CB967F1B4C238EB
F7515F67CB096DC981AE91221A7C67E6
F78940628EB76AB6E654C19EE33F2F89
F7CB4D481C03004496EFEA76120EC85E
F9388BFB46D2A30A965EED6B5A62A7A6
FAEB00C5A6CCF790652CB591303DABDE
FFE48CD06F760596EC6C98460819EE34
C5C785497A57FC48AB3D11245B90ED09
0575f6feee5e04017d6d38440e144cbf
BCCA302522B7E247DD128A78D9B20F94
d022df5629eba1fda393e19dc9125d39
E2DAF5C1532187F67F067F0342B74B9B
f5dc2ae9b6eff70c6d1a7377ed658049
1C5B6815372D0D0EBA9CE18EC2FA9D73

Edited by Cli7nt, 29 January 2017 - 01:58 PM.


#8 Cli7nt

  • Topic Starter

Posted 29 January 2017 - 12:38 PM

log file attached as well

Attached Files


Edited by Cli7nt, 29 January 2017 - 12:38 PM.


#9 Valinorum


Posted 29 January 2017 - 11:26 PM

What happens when you try to run MBAM?



#10 Valinorum


Posted 02 February 2017 - 11:38 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
