Security Check
Results of screen317's Security Check version 1.014 --- 12/23/15
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (61.0.3163.79)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
Intel Intel® Online Connect Access LegacyCsLoaderService.exe
Intel Intel® Online Connect Access IntelTechnologyAccessService.exe
Intel Intel® Online Connect ioc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FSS
Farbar Service Scanner Version: 27-01-2016
Ran by James (administrator) on 16-01-2018 at 09:41:41
Running from "D:\Users\James\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Security Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
MiniToolBox
MiniToolBox by Farbar Version: 17-06-2016
Ran by James (administrator) on 16-01-2018 at 09:43:05
Running from "D:\Users\James\Downloads"
Microsoft Windows 10 Home (X64)
Model: N85_N87,HJ,HJ1,HK1 Manufacturer: Notebook
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Intel® Dual Band Wireless-AC 3168 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Anchorfree HSS VPN Adapter = Ethernet 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : ADMINRG-V5M64LG
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 80-FA-5B-48-38-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 10-F0-05-BF-26-34
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3168
Physical Address. . . . . . . . . : 5A-AE-4C-61-2E-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc38:8ca3:5d4d:341b%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 16, 2018 9:33:06 AM
Lease Expires . . . . . . . . . . : Tuesday, January 16, 2018 11:33:06 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 224046668
DHCPv6 Client DUID. . . . . . . . : 00-03-00-01-5A-AE-4C-61-2E-26
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS VPN Adapter
Physical Address. . . . . . . . . : 00-FF-7D-10-53-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 10-F0-05-BF-26-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:10db:3f4f:89bc:c19e(Preferred)
Link-local IPv6 Address . . . . . : fe80::10db:3f4f:89bc:c19e%8(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-27-F6-92-80-FA-5B-48-38-30
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{B32B367D-1158-4539-9593-12A4DE031B4B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1
Name: google.com
Addresses: 2404:6800:4006:807::200e
172.217.25.174
Pinging google.com [172.217.25.174] with 32 bytes of data:
Reply from 172.217.25.174: bytes=32 time=615ms TTL=56
Reply from 172.217.25.174: bytes=32 time=575ms TTL=56
Ping statistics for 172.217.25.174:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 575ms, Maximum = 615ms, Average = 595ms
Server: UnKnown
Address: 192.168.0.1
Name: yahoo.com
Addresses: 2001:4998:58:2201::73
2001:4998:c:e33::53
2001:4998:44:204::100d
206.190.39.42
98.138.252.38
98.139.180.180
Pinging yahoo.com [206.190.39.42] with 32 bytes of data:
Reply from 206.190.39.42: bytes=32 time=822ms TTL=49
Reply from 206.190.39.42: bytes=32 time=767ms TTL=49
Ping statistics for 206.190.39.42:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 767ms, Maximum = 822ms, Average = 794ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...80 fa 5b 48 38 30 ......Realtek PCIe GBE Family Controller
19...10 f0 05 bf 26 34 ......Microsoft Wi-Fi Direct Virtual Adapter
13...5a ae 4c 61 2e 26 ......Intel® Dual Band Wireless-AC 3168
7...00 ff 7d 10 53 58 ......Anchorfree HSS VPN Adapter
11...10 f0 05 bf 26 37 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 50
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.0.0 255.255.255.0 On-link 192.168.0.100 306
192.168.0.100 255.255.255.255 On-link 192.168.0.100 306
192.168.0.255 255.255.255.255 On-link 192.168.0.100 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.0.100 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.0.100 306
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 331 ::/0 On-link
1 331 ::1/128 On-link
8 331 2001::/32 On-link
8 331 2001:0:9d38:6abd:10db:3f4f:89bc:c19e/128
On-link
13 306 fe80::/64 On-link
8 331 fe80::/64 On-link
8 331 fe80::10db:3f4f:89bc:c19e/128
On-link
13 306 fe80::dc38:8ca3:5d4d:341b/128
On-link
1 331 ff00::/8 On-link
13 306 ff00::/8 On-link
8 331 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: rdyboost4
Error: (01/16/2018 09:33:45 AM) (Source: PerfNet) (User: )
Description:
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (01/16/2018 09:33:02 AM) (Source: SetupARService) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/16/2018 07:58:25 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (01/16/2018 07:58:23 AM) (Source: Perflib) (User: )
Description: rdyboost4
System errors:
=============
Error: (01/16/2018 09:35:02 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037 = Unspecified error
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/16/2018 09:33:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/16/2018 09:33:01 AM) (Source: Service Control Manager) (User: )
Description: The HKClipSvc service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (01/16/2018 09:25:30 AM) (Source: DCOM) (User: ADMINRG-V5M64LG)
Description: {37998346-3765-45B1-8C66-AA88CA6B20B8}
Error: (01/16/2018 09:23:30 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037 = Unspecified error
Error: (01/16/2018 07:59:51 AM) (Source: Service Control Manager) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037 = Unspecified error
Error: (01/16/2018 06:49:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/16/2018 06:48:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: rdyboost4
Error: (01/16/2018 09:33:45 AM) (Source: PerfNet)(User: )
Description:
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (01/16/2018 09:33:45 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (01/16/2018 09:33:02 AM) (Source: SetupARService)(User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/16/2018 07:58:25 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (01/16/2018 07:58:23 AM) (Source: Perflib)(User: )
Description: rdyboost4
CodeIntegrity Errors:
===================================
Date: 2018-01-16 09:20:13.474
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2018-01-15 10:11:51.769
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-14 18:43:17.159
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-13 15:46:58.570
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-10 10:43:23.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-09 15:02:46.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-01-08 19:13:54.503
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2018-01-08 19:13:54.388
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2018-01-08 19:13:12.638
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
Date: 2018-01-08 19:13:12.515
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Opera\49.0.2725.64\opera.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Overwolf\0.109.1.40\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.74 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Discord (HKCU\...\Discord) (Version: 0.0.300 - Discord Inc.)
Divinity Original Sin 2 (HKLM-x32\...\Divinity Original Sin 2_is1) (Version: - )
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Europa Universalis IV Cradle of Civilization (HKLM-x32\...\Europa Universalis IV Cradle of Civilization_is1) (Version: - )
Farming Simulator 17: Platinum Edition (HKLM-x32\...\Farming Simulator 17: Platinum Edition_is1) (Version: 1.5.3.1 - )
FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.109.1.40 - Overwolf Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Spotify (HKCU\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 1.2.31 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris v.1.9 (HKLM-x32\...\Stellaris_is1) (Version: - )
SunsetScreen (HKLM\...\{155DF28A-39B0-4447-BA5F-4347AC6A3197}) (Version: - Skytopia)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.66 - Synaptics Incorporated)
Train Valley v1.1.7.2 (HKLM-x32\...\vsetop.com Train Valley v1.1.7.2_is1) (Version: 1.1.7.2 - VseTop.Com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
========================= Devices: ================================
Name: Insyde Airplane Mode HID Mini-Driver
Description: Insyde Airplane Mode HID Mini-Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Insyde
Service: AirplaneModeHid
Device ID: ACPI\PNPC000\1
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
========================= Memory info: ===================================
Percentage of memory in use: 37%
Total physical RAM: 8080.62 MB
Available physical RAM: 5062.93 MB
Total Virtual: 9360.62 MB
Available Virtual: 6239.13 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:28.74 GB) (Free:2.94 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:226.87 GB) (Free:58.7 GB) NTFS
========================= Users: ========================================
User accounts for \\ADMINRG-V5M64LG
Administrator DefaultAccount defaultuser0
Guest James
========================= Restore Points ==================================
**** End of log ****
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/16/18
Scan Time: 9:29 AM
Log File: 8c8d01ea-fa43-11e7-bf7f-80fa5b483830.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3702
License: Trial
-System Information-
OS: Windows 10 (Build 14393.351)
CPU: x64
File System: NTFS
User: ADMINRG-V5M64LG\James
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275993
Threats Detected: 123
Threats Quarantined: 123
Time Elapsed: 1 min, 13 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 7
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}, Quarantined, [39], [475864],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}, Quarantined, [39], [475864],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhjhnafpiilpffhglajcaepjbnbjemci, Quarantined, [612], [448286],1.0.3702
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hcadgijmedbfgciegjomfpjcdchlhnif, Quarantined, [612], [403165],1.0.3702
PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ligncphnohhjkgekjkghahajihclailj, Quarantined, [10], [475758],1.0.3702
Registry Value: 4
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Quarantined, [612], [382913],1.0.3702
PUP.Optional.MailRu, HKU\S-1-5-21-1800461472-3305090830-341263356-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Quarantined, [612], [382913],1.0.3702
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91F5EFCB-F485-4C6D-9281-0533B0EEBA80}|PATH, Quarantined, [39], [475863],1.0.3702
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 10
PUP.Optional.WinZipDriverUpdater, D:\PROGRAM FILES\WinZip Driver Updater, Quarantined, [233], [364824],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\eeocknbjpmfgaclencnfjfkklmmfmiie, Quarantined, [6656], [477969],1.0.3702
File: 102
PUP.Optional.StartPage, C:\WINDOWS\SYSTEM32\TASKS\DZOPERCOMJHAR, Quarantined, [39], [475864],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [448286],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [403165],1.0.3702
PUP.Optional.RussAd, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [10], [475758],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10.dll, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\apps, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\Uninstall.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.WinzipSystemUtilitiesSuite, D:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, Quarantined, [14496], [456267],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css\options.css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\css\popup.css, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon128.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon19.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon38.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon48.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon_grey19.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\images\icon_grey38.png, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\background.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\content.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\options.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\js\popup.js, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata\computed_hashes.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\_metadata\verified_contents.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\background.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\manifest.json, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\options.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\3.0.3_0\popup.html, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie\params, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\000003.ldb, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\000005.log, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\CURRENT, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOCK, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOG, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\LOG.old, Quarantined, [6656], [477969],1.0.3702
PUP.Optional.ScriptGate, C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eeocknbjpmfgaclencnfjfkklmmfmiie\MANIFEST-000001, Quarantined, [6656], [477969],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-17PDN.TMP\THEY-ARE-BILLIONS-V0_5_0_37_HUPWU7.EXE, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-3R9RD.TMP\6BAD4951, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5T9ME.TMP\72F96397, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-708OF.TMP\THEY-ARE-BILLIONS-V0_5_0_37_YEBPIJ.EXE, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-BV13C.TMP\2953A504, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-1LPGU.TMP\B31FA261, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-4LK1T.TMP\5ACCD69F, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HGSRG.TMP\CCBC8CC4, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5V4C2.TMP\95894B3B, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L55N3.TMP\FF6F3CD6, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8D1PJ.TMP\17254F79, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-O7PTF.TMP\620D0D27, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-BV13C.TMP\3FE0CD19, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-0C8QK.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BIT9A1E.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-F04KJ.TMP\36074068, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-2CMSJ.TMP\69182B3A, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HL5KU.TMP\2DAE8656, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5LQC5.TMP\1A2A01BC, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-6VV4O.TMP\96434119, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8NOHM.TMP\31AF0167, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-D897T.TMP\899D51E2, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-2CMSJ.TMP\70C20B7C, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-FPI6B.TMP\A1BFD52B, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5LQC5.TMP\219F7CB1, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L2RAP.TMP\3FBA3222, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-6VV4O.TMP\F7D65833, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-NTG1U.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-QD4RA.TMP\D30DEB6E, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\309717011.EXE, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITEB6F.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-17PDN.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8NOHM.TMP\5FD8B77A, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-ECS8V.TMP\12C64C81, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-FPI6B.TMP\A5C6EB6E, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-3R9RD.TMP\3ADFDDDC, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5T9ME.TMP\64EAFDDD, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L2RAP.TMP\C6C846A4, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-708OF.TMP\KAV2.DLL, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITED15.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-ECS8V.TMP\4B904BDB, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-1LPGU.TMP\F268B3EA, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HGSRG.TMP\6568B296, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-L55N3.TMP\683A0D04, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-4LK1T.TMP\D67382A9, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-O7PTF.TMP\331E203A, Quarantined, [146], [413261],1.0.3702
PUP.Optional.InstallCore, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\13159780937291118941.EXE, Quarantined, [2], [355708],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-5V4C2.TMP\F059682C, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITAFAB.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\511031667.EXE, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BIT3E17.TMP, Quarantined, [146], [474039],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [612], [454830],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITEF84.TMP, Quarantined, [146], [474039],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-8D1PJ.TMP\7462593, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-D897T.TMP\57BFFB30, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-F04KJ.TMP\CE3B3646, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-HL5KU.TMP\777402DD, Quarantined, [146], [413261],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\IS-QD4RA.TMP\2022D52B, Quarantined, [146], [423225],1.0.3702
Adware.FileTour, C:\USERS\JAMES\APPDATA\LOCAL\TEMP\BITE32B.TMP, Quarantined, [146], [474039],1.0.3702
PUP.Optional.MailRu, C:\USERS\JAMES\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [612], [477962],1.0.3702
Physical Sector: 0
(No malicious items detected)
(end)
MBAR
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2018.01.15.11
rootkit: v2017.10.14.01
Windows 10 x64 NTFS
Internet Explorer 11.321.14393.0
James :: ADMINRG-V5M64LG [administrator]
1/16/2018 9:57:38 AM
mbar-log-2018-01-16 (09-57-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 204551
Time elapsed: 8 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.321.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.808000 GHz
Memory total: 8473145344, free: 5100392448
Downloaded database version: v2018.01.15.11
Downloaded database version: v2017.11.28.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
01/16/2018 09:57:27
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
main: v2018.01.15.11
rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa80964ca2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa80964c86e20, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa809639fee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d71d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d4400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3939882834
GPT Header CurrentLba = 1 BackupLba 537234767
GPT Header FirstUsableLba 34 LastUsableLba 537234734
GPT Header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3939882834
Backup GPT header CurrentLba = 537234767 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 537234734
Backup GPT header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
Backup GPT header Contains 128 partition entries starting at LBA 537234735
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID ee43769c-a5bd-4a0e-b236-d58a71332d4
FirstLBA 2048 Last LBA 923647
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 5e8d3e6c-7773-44a1-a97-655b49b5c98
FirstLBA 923648 Last LBA 1128447
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 6bc5263a-264d-4e8c-befb-52adb9f495b6
FirstLBA 1128448 Last LBA 1161215
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b8e7ed03-68e9-4915-b14c-70a02f8ac94c
FirstLBA 1161216 Last LBA 61442047
Attributes 0
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b2a60a5e-6ae0-432e-9f86-1f16f299b1d
FirstLBA 61442048 Last LBA 537233407
Attributes 0
Partition Name Basic data partition
Disk Size: 275064201216 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75ed56cf95fe6228472b5e57ac7a76b7\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\07b1b6bd89998a4a0d7675de87bcf070\UIAutomationProvider.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.7C" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.321.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.808000 GHz
Memory total: 8473145344, free: 5898498048
Downloaded database version: v2018.01.15.12
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
01/16/2018 10:37:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\ndisrfl.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\taphss6.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvcv.inf_amd64_9f104199581b6aa2\nvlddmkm.sys
\SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_619141c66909ce7e\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\RtsPer.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\HKKbdFltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\HKMouFltr.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\HdAudio.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\system32\DRIVERS\BTHUSB.sys
\SystemRoot\system32\DRIVERS\bthport.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\Drivers\MbamChameleon.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\DRIVERS\mwac.sys
\SystemRoot\system32\DRIVERS\farflt.sys
\SystemRoot\system32\DRIVERS\mbam.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\tunnel.sys
\??\C:\Windows\system32\drivers\3C4CD21D.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2018.01.15.12
rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffa80964ca2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffa80964d42060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffa80964c86e20, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffa809639fee40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d71d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffa809639d4400, DeviceName: \Device\0000003c\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3939882834
GPT Header CurrentLba = 1 BackupLba 537234767
GPT Header FirstUsableLba 34 LastUsableLba 537234734
GPT Header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3939882834
Backup GPT header CurrentLba = 537234767 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 537234734
Backup GPT header Guid e21f5cad-4619-4c7b-ba17-1629abc5d6f2
Backup GPT header Contains 128 partition entries starting at LBA 537234735
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID ee43769c-a5bd-4a0e-b236-d58a71332d4
FirstLBA 2048 Last LBA 923647
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 5e8d3e6c-7773-44a1-a97-655b49b5c98
FirstLBA 923648 Last LBA 1128447
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 6bc5263a-264d-4e8c-befb-52adb9f495b6
FirstLBA 1128448 Last LBA 1161215
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b8e7ed03-68e9-4915-b14c-70a02f8ac94c
FirstLBA 1161216 Last LBA 61442047
Attributes 0
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b2a60a5e-6ae0-432e-9f86-1f16f299b1d
FirstLBA 61442048 Last LBA 537233407
Attributes 0
Partition Name Basic data partition
Disk Size: 275064201216 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75ed56cf95fe6228472b5e57ac7a76b7\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\07b1b6bd89998a4a0d7675de87bcf070\UIAutomationProvider.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-592FB4964FF700E6FF0DCE53209B6543ACEA07F8.bin.7C" is compressed (flags = 1)
Scan finished
RKill
Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 01/16/2018 10:55:07 AM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 01/16/2018 10:55:33 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)