
***Urgent I am being remotely controlled via amazon cloud for months need help!!


  • This topic is locked
40 replies to this topic

#1 frazz


Posted 07 February 2018 - 12:30 AM

Hi my name is Dan, and I am reaching out because I need help from someone so I can get my computer out from underneath the cloud based Amazon service that someone hacked my PC and is now controlling it and has been for months. I have all of the proof in the world, just ask and I can give it to you, and the one thing that makes me guess about what the correct answer is though is the fact that Akamai services is just as active in my network and hosts, but Akamai is more of a CDN.  If I go to a website that will hinder the hackers a little bit they just cut my internet and it drives me insane, nothing comes from the actual signer, my certificates are all very old, and my registry is empty, because it's a virtual machine they set up on me. Also my ISP does not offer IPv6, yet I am connected to an IPv6 Teredo tunnel, and a 6to4 IPsec tunnel that leads to a Windows server in Virginia which I have a screenshot of logging into my router. It's something about Office too, all these hidden files onenoteim.exe onenoteshare.exe without even installing Office which are hidden and I can't access, like many things in my devices, and onecore all sync up and I can't get rid of it no matter what.

 

I do not have admin or owner rights on my Mac or PCs, I have a system administrator as if I'm part of an Active Directory because technically I am but I never signed up myself.  And get told I lack permissions for the smallest tasks. My Mac, if I give myself ownership in the permissions the computer breaks and I am forced to format. If I turn on BitLocker, I have to race and I mean literally race the cloud people to login to my PC because they just sit there and remotely shut it down over and over and over again. Every time I turn on BitLocker I get about 5-6 seconds at the most to try and fly through a password and sometimes they will shut me down 25-40 times.  And my Windows login doesn't work, it shows and states it does but my password to my PC doesn't work, it's not actually on, it's an open computer for them. But if I forget the password I have to format it.

 

 

I purchased Amazon services a month ago but never set it up, just browsed so I could see for myself what it is, and compare..  I purchased Amazon's services a month ago but never set it up, just browsed so I could see for myself what it is, because I found all their domains and IPs so often, just to compare certificates and it was an exact match, from CloudFront and what not.

 

I have formatted over 200 times, tried installing with an OpenVPN router, it doesn't matter one single bit, I can not get the people remotely controlling my PC and turning it into a virtual machine off of my back.  Put it this way, my other laptop is a brand new Asus I purchased in September and Best Buy's Geek Squad has put 3 hard drives into it because it shows it isn't booting from the hard drive, well obviously because the people running the cloud service turned my PC into a VM and the hard drive isn't needed, but in 3 months 3 hard drives on a brand new Asus laptop.  This is an MSI Z97 G45 Gaming mobo desktop with 3.5gig socket 1150 i5-4690 CPU and GeForce GTX 760, it's a home build I built from a couple years ago.

 

I have purchased numerous CD keys, formatted hundreds of times, it just doesn't matter, even my phones, every device is remotely controlled thru this cloud service that I own.  I have gone through so many Apple IDs and emails because they get hacked and I can't get into them, or just if I am using a web site that might hinder their hacking abilities they just cut my internet. It's seriously driving me out of my mind, I need help, and I have all the proof in the world, IPs and everything, because this has been going on for months and gone nowhere. Someone please help me and tell me what I should do.

 

 

Dan


Edited by Platypus, 07 February 2018 - 02:51 AM.
Restored to Logs forum as logs now posted. Deleted duplicate.



 


#2 frazz


Posted 07 February 2018 - 02:16 AM

 
Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:15:44 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64) 
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Users\danny\desktop\zemana.antimalware.setup.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: C:\Users\danny\appdata\local\temp\is-40o9j.tmp\zemana.antimalware.setup.tmp
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2wizard.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [emsisoft anti-malware] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2guard.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.1.0.595[C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )


#3 frazz


Posted 07 February 2018 - 02:17 AM

Look, as I was doing this they closed down the program on me and all of my browsers so I couldn't do this. I can't get a log from Malwarebytes, it just says www.malwarebytes.com. I'm serious, they are controlling my PC.  This was the original log I saved, let's see if it's changed.

 

 

 
Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:13:59 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64) 
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbaruser_32.exe
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Users\danny\desktop\zemana.antimalware.setup.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2wizard.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: C:\Users\danny\appdata\local\temp\is-40o9j.tmp\zemana.antimalware.setup.tmp
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 (default)
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Google / {6A1806CD-94D4-4689-BA73-E35EA1EA9990}] http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 (default)
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.9.0.71&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
Page: (HKLM\Wow6432Node\Start Page) http://go.microsoft.com/fwlink/p/?LinkId=255141
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [emsisoft anti-malware] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2guard.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
AppInitDLL: [keycrypt32(1).dll] (Zemana Ltd.) C:\Program Files (x86)\keycryptsdk\keycrypt32(1).dll
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.0.0.1284[C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )


#4 frazz

  • Topic Starter

Posted 07 February 2018 - 02:26 AM

 
Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:25:59 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64) 
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbaruser_32.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2start.exe
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Service: [ZAM Controller Service] (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
Driver: [ZAM Guard Driver] (Zemana Ltd.) C:\Windows\System32\drivers\zamguard64.sys
Driver: [ZAM Helper Driver] (Zemana Ltd.) C:\Windows\System32\drivers\zam64.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [ZAM] (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
ContextMenuHandler: [2.0 Zemana AntiMalware] (Zemana Ltd.) C:\Program Files (x86)\zemana antimalware\zamshellext32.dll
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.1.0.595[C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: Zemana AntiMalware by Zemana Ltd. 2.74.0.150 ("C:\Program Files (x86)\Zemana AntiMalware\unins000.exe")
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )
 


#5 frazz


Posted 07 February 2018 - 02:29 AM

 
Reason Core Security Diagnostic Scan (version 1.1.0.0)
Created on 2/7/2018 2:25:59 AM by Danny (Administrator rights, UAC enabled)
Windows 10 Pro (x64) 
Installed in C:\Program Files\Reason\Security
Internet Explorer 9.11.14393.0 (default browser)
Google Chrome 64.0.3282.140
 
==================== Processes (Filtered) ========================================
 
Process: (Google Inc) C:\Program Files (x86)\google\chrome\application\chrome.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\resources\binaries\64bit\openvpn-nordvpn.exe
Process: (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae64.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamtray.exe
Process: (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbaruser_32.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\conathst.exe
Process: C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Process: (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
Process: (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
Process: (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Process: (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler64.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
Process: (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2start.exe
Process: (Intel Corporation) C:\Windows\System32\igfxhk.exe
Process: (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Process: (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Process: (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbam.exe
Process: (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Process: (Adlice) C:\Program Files\ucheck\ucheck64.exe
Process: (gemalto) C:\Program Files\safenet\authentication\sac\x64\sactools.exe
Process: (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
Process: (Intel Corporation) C:\Windows\System32\igfxtray.exe
Process: (Intel Corporation) C:\Windows\System32\igfxem.exe
Process: (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Process: (Google Inc) C:\Program Files (x86)\google\update\1.3.33.7\googlecrashhandler.exe
 
==================== Browsers (Filtered) ========================================
 
 
========== Internet Explorer (C:\Program Files\Internet Explorer\IExplore.exe) ==========
 
IEBHO: [{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} / Norton Identity Safety] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEBHO: [{AA58ED58-01DD-4d91-8333-CF10577473F7} / Google Toolbar Helper] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
IEToolbar: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\coieplg.dll
IEWebBrowser: [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Google Inc) C:\Program Files (x86)\google\google toolbar\googletoolbar_32.dll
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [@ieframe.dll,-12512 / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScope: [Bing / {0633EE93-D776-472f-A0FF-E1416B8B2E3A}] http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScope: [Norton Safe Search / {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}] https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869 (default) ***Attention***
 
========== Google Chrome (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) ==========
 
ChromeExtension: C:\Program Files\norton security\engine\22.10.0.85\exts\chrome.crx
ChromeExtension: [Slides] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\manifest.json
ChromeExtension: [Docs] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\manifest.json
ChromeExtension: [Google Drive] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
ChromeExtension: [TunnelBear Blocker] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bebdhgdigjiiamnkcenegafmfjoghafk\0.9.8_0\manifest.json
ChromeExtension: [WOT: Web of Trust, Website Reputation Ratings] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\bhmmomiinigofkjcapegjjndpbikblnp\4.0.6.5_0\manifest.json
ChromeExtension: [YouTube] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
ChromeExtension: [Norton Security Toolbar] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.12.0.5_0\manifest.json
ChromeExtension: [uBlock Origin] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.15.2_0\manifest.json
ChromeExtension: [Sheets] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\manifest.json
ChromeExtension: [HTTPS Everywhere] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gcbommkclmclpchllfjekcdonpmejbdp\2018.1.29_0\manifest.json
ChromeExtension: [Norton Home Page for Chrome] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.20_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\hbmobhkkblcgdifigjglcjneplefbkmh\2.0.26_0\manifest.json ***PUP.Norton.Ask.Search***
ChromeExtension: [Norton Identity Safe] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\manifest.json
ChromeExtension: [Chrome Web Store Payments] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\manifest.json
ChromeExtension: [TunnelBear Inc.] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\omdakjcmkglenbhjadbccaookpfjihpa\2.0.1_0\manifest.json
ChromeExtension: [Gmail] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
ChromeExtension: [Chrome Media Router] C:\Users\danny\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\manifest.json
 
==================== Services (Filtered) ========================================
 
Service: [Intel® Content Protection HECI Service] (Intel Corporation) C:\Windows\syswow64\intelcphecisvc.exe
Service: [Google Update Service (gupdate)] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
Service: [Google Software Updater] (Google Inc) C:\Program Files (x86)\google\common\google updater\googleupdaterservice.exe
Service: [Intel® HD Graphics Control Panel Service] (Intel Corporation) C:\Windows\System32\igfxcuiservice.exe
Service: [Malwarebytes Anti-Exploit Service] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae-svc.exe
Service: [Malwarebytes Service] (Malwarebytes Corporation) C:\Program Files\malwarebytes\anti-malware\mbamservice.exe
Service: [MSIREGISTER_MR] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregisterservice.exe
Service: [MSI Live Update Service] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\msi_liveupdate_service.exe
Service: [nordvpn-service] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn-service.exe
Service: [Norton Security] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\ns.exe
Service: [NVIDIA Display Container LS] (NVIDIA Corporation) C:\Program Files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
Service: [NVIDIA Telemetry Container] (NVIDIA Corporation) C:\Program Files (x86)\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
Service: [SACSrv] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacsrv.exe
Service: [cShield] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield.exe
Service: [dnscrypt-proxy] C:\Program Files (x86)\comodo\shield agent\dnscrypt-proxy.exe
Service: [Emsisoft Protection Service] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\a2service.exe
Service: [ZAM Controller Service] (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
 
==================== Drivers (Filtered) ========================================
 
Driver: [bcmfn Service] C:\Windows\System32\drivers\bcmfn.sys
Driver: [bcmfn2 Service] C:\Windows\System32\drivers\bcmfn2.sys
Driver: [Killer Bandwidth Control] (Rivet Networks LLC) C:\Windows\System32\drivers\bwcw10x64.sys
Driver: [BHDrvx64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\bashdefs\20180201.001\bhdrvx64.sys
Driver: [HID driver for CapImg touch screen] C:\Windows\System32\drivers\capimg.sys
Driver: [NS Settings Manager] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ccsetx64.sys
Driver: [Composite Bus Enumerator Driver] C:\Windows\System32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys
Driver: [Symantec Eraser Control driver] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eectrl64.sys
Driver: [EraserUtilRebootDrv] (Symantec Corporation) C:\Program Files (x86)\Common Files\symantec shared\eengine\eraserutilrebootdrv.sys
Driver: [Generic USB Function Class] C:\Windows\System32\drivers\genericusbfn.sys
Driver: [Intel Serial IO GPIO Controller Driver] C:\Windows\System32\drivers\iagpio.sys
Driver: [Intel® Serial IO I2C Host Controller] C:\Windows\System32\drivers\iai2c.sys
Driver: [Intel® Serial IO GPIO Driver v2] C:\Windows\System32\drivers\ialpss2i_gpio2.sys
Driver: [Intel® Serial IO I2C Driver v2] (Intel Corporation) C:\Windows\System32\drivers\ialpss2i_i2c.sys
Driver: [Intel® Serial IO GPIO Controller Driver] (Intel Corporation) C:\Windows\System32\drivers\ialpssi_gpio.sys
Driver: [Intel® Serial IO I2C Controller Driver] C:\Windows\System32\drivers\ialpssi_i2c.sys
Driver: [IDSVia64] (Symantec Corporation) C:\Program Files\norton security\nortondata\22.9.0.71\definitions\ipsdefs\20180206.001\idsvia64.sys
Driver: [igfx] (Intel Corporation) C:\Windows\System32\drivers\igdkmd64.sys
Driver: [Intel® Display Audio] (Intel Corporation) C:\Windows\System32\drivers\intcdaud.sys
Driver: [Microsoft Kernel Debug Network Miniport (NDIS 6.20)] C:\Windows\System32\drivers\kdnic.sys
Driver: [keycrypt] (Zemana Ltd.) C:\Windows\System32\drivers\keycrypt64.sys
Driver: [NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller] (Rivet Networks LLC) C:\Windows\System32\drivers\e2xw10x64.sys
Driver: [MBAMChameleon] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamchameleon.sys
Driver: [Intel® Management Engine Interface ] (Intel Corporation) C:\Windows\System32\drivers\teedriverw8x64.sys
Driver: [Service for NVIDIA High Definition Audio Driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvhda64v.sys
Driver: [nvlddmkm] (NVIDIA Corporation) C:\Windows\System32\driverstore\filerepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys
Driver: [NVIDIA Stereoscopic 3D USB driver] (NVIDIA Corporation) C:\Windows\System32\drivers\nvstusb.sys
Driver: [Microsoft NVDIMM-N disk driver] C:\Windows\System32\drivers\scmdisk0101.sys
Driver: [Symantec Real Time Storage Protection x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtsp64.sys
Driver: [Symantec Real Time Storage Protection (PEL) x64] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\srtspx64.sys
Driver: [Symantec Extended File Attributes (SI)] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symefasi64.sys
Driver: [SymEvent] (Symantec Corporation) C:\Windows\System32\drivers\symevent64x86.sys
Driver: [Symantec Iron Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\ironx64.sys
Driver: [Symantec Network Security WFP Driver] (Symantec Corporation) C:\Windows\System32\drivers\nsx64\160a000.055\symnets.sys
Driver: [Synth3dVsc] C:\Windows\System32\drivers\synth3dvsc.sys
Driver: [TAP-NordVPN Windows Adapter V9] (TEFINCOM S.A.) C:\Windows\System32\drivers\tapnordvpn.sys
Driver: [USB Connector Manager UCSI Client] C:\Windows\System32\drivers\ucmucsi.sys
Driver: [Xbox Game Input Protocol Driver] C:\Windows\System32\drivers\xboxgip.sys
Driver: [XINPUT HID Filter Driver] C:\Windows\System32\drivers\xinputhid.sys
Driver: [MBAMSwissArmy] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbamswissarmy.sys
Driver: [MBAMProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbam.sys
Driver: [MBAMFarflt] (Malwarebytes Corporation) C:\Windows\System32\drivers\farflt.sys
Driver: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Windows\System32\drivers\mbae64.sys
Driver: [Aladdin IFD Handler] (Aladdin Knowledge Systems Inc.) C:\Windows\System32\drivers\aksifdh.sys
Driver: [Rainbow iKey Enumerator] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyenum.sys
Driver: [Rainbow iKey Virtual Reader] (SafeNet, Inc.) C:\Windows\System32\drivers\ikeyifd.sys
Driver: [MBAMWebProtection] (Malwarebytes Corporation) C:\Windows\System32\drivers\mwac.sys
Driver: [epp] (Emsisoft Ltd) C:\Program Files\emsisoft anti-malware\epp.sys
Driver: [ZAM Guard Driver] (Zemana Ltd.) C:\Windows\System32\drivers\zamguard64.sys
Driver: [ZAM Helper Driver] (Zemana Ltd.) C:\Windows\System32\drivers\zam64.sys
 
==================== Startups (Filtered) ========================================
 
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
RegistryHLMRun: [SACMonitor] (gemalto) C:\Program Files\safenet\authentication\sac\x64\sacmonitor.exe
RegistryHLMRun: [ZAM] (Zemana Bilisim Teknolojileri Sanayi Ticaret Limited Sirketi) C:\Program Files (x86)\zemana antimalware\zam.exe
RegistryHLMRun: [ZALFree] (Zemana Ltd.) C:\Program Files (x86)\zemana antilogger free\antilogger free.exe
RegistryHLMRun: [Live Update] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\live update\live update.exe
RegistryHLMRun: [MSIRegister] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\msi\msiregister\msiregister.exe
RegistryHLMRun: [Malwarebytes Anti-Exploit] (Malwarebytes Corporation) C:\Program Files (x86)\malwarebytes anti-exploit\mbae.exe
RegistryHLMRun: [Comodo Dome Shield Tray Helper] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield agent\cshield_tray_helper.exe
RegistryHLMRun: [Comodo Dome Shield IP Updater] (Comodo Security Solutions, Inc.) C:\Program Files (x86)\comodo\shield ip updater\cshieldipupdater.exe
RegistryHCURun: [NordVPN] (Datasec Holding Ltd.) C:\Program Files (x86)\nordvpn\nordvpn.exe
ScheduledTasksStartup: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTasksStartup: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTasksStartup: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTasksStartup: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== Tasks (Filtered) ========================================
 
ScheduledTask: [GoogleUpdateTaskMachineCore] (Google Inc) C:\Program Files (x86)\google\update\googleupdate.exe
ScheduledTask: [MSI_Toast_Server] (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\msi\msi toast server\msitoastserver.exe
ScheduledTask: [Norton Security Scan for Danny] (Symantec Corporation) C:\Program Files (x86)\norton security scan\engine\4.6.1.145\nss.exe
ScheduledTask: [Norton WSC Integration] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\wscstub.exe
ScheduledTask: [Tweaking.com - Windows Repair Tray Icon] (Tweaking LLC) C:\Program Files (x86)\tweaking.com\Windows repair (all in one)\wr_tray_icon.exe
ScheduledTask: [Norton Security Autofix] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\symerr.exe
ScheduledTask: [AntimalwareMigrationTask] (Symantec Corporation) C:\Program Files\Common Files\av\norton security\upgrade.exe
 
==================== ASEPs (Filtered) ========================================
 
ContextMenuHandler: [2.0 Zemana AntiMalware] (Zemana Ltd.) C:\Program Files (x86)\zemana antimalware\zamshellext32.dll
ContextMenuHandler: [BUContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ContextMenuHandler: [Symantec.Norton.Antivirus.IEContextMenu] (Symantec Corporation) C:\Program Files\norton security\engine\22.10.0.85\navshext.dll
ContextMenuHandler: [NvCplDesktopContext] (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
PropertySheetHandler: [BuPropertySheet] (Symantec Corporation) C:\Program Files\norton security\engine32\22.10.0.85\bushell.dll
ShellOpenCommand: [WinRAR] (win.rar GmbH) C:\Program Files\winrar\winrar.exe
 
==================== Internet (Filtered) ========================================
 
[Nothing interesting]
 
==================== Policies (Filtered) ========================================
 
[Nothing interesting]
 
==================== Customs ========================================
 
[Nothing interesting]
 
==================== Paths ========================================
 
[Nothing interesting]
 
==================== Anti-virus/Anti-malware Programs ========================================
 
AV: Norton Antivirus by Symantec Corporation version 15.0.0.80[C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe]
AV: Malwarebytes Anti-Malware by Malwarebytes Corporation version 3.1.0.595[C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe]
AV: Windows Defender by Microsoft Corporation version 4.10.14393.0 (rs1_release.160715-1616)[C:\Program Files\windows defender\msascui.exe]
AV: Norton Security Scan version 4.6.1.145[c:\program files\norton security\engine\22.10.0.85\wscstub.exe]
 
==================== Programs ========================================
 
Program: UCheck version 2.3.2.0 by Adlice Software 2.3.2.0 ("C:\Program Files\UCheck\unins000.exe")
Program: Malwarebytes Anti-Exploit version 1.11.1.48 by Malwarebytes 1.11.1.48 ("C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe")
Program: TAP-NordVPN 9.21.2 by NordVPN.com 9.21.2 (C:\Program Files\TAP-NordVPN\Uninstall.exe)
Program: WinRAR 5.50 (64-bit) by win.rar GmbH 5.50.0 (C:\Program Files\WinRAR\uninstall.exe)
Program: SafeNet Authentication Client 10.3 by Gemalto 10.3.25.0 (MsiExec.exe /X{2F50DC95-4FAE-4025-84F3-844C2100ABE5})
Program: Malwarebytes version 3.3.1.2183 by Malwarebytes 3.3.1.2183 ("C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG)
Program: Windows 10 Update and Privacy Settings by Microsoft Corporation 1.0.14.0 (MsiExec.exe /X{4DFCD818-036A-4229-A67D-CF17DC461D92})
Program: Emsisoft Anti-Malware by Emsisoft Ltd. 2017.4 ("C:\Program Files\Emsisoft Anti-Malware\unins000.exe")
Program: Killer Bandwidth Control Filter Driver by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78})
Program: Killer E220x Drivers by Rivet Networks 1.1.57.1125 (MsiExec.exe /X{77C95134-CA2D-4614-9C86-55B7A6A281AA})
Program: Update for Windows 10 for x64-based Systems (KB4023057) by Microsoft Corporation 2.11.0.0 (MsiExec.exe /X{AC0D130B-8809-4125-811F-667893B90644})
Program: NVIDIA Graphics Driver 390.77 by NVIDIA Corporation 390.77 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver)
Program: NVIDIA PhysX System Software 9.17.0524 by NVIDIA Corporation 9.17.0524 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX)
Program: NVIDIA HD Audio Driver 1.3.36.6 by NVIDIA Corporation 1.3.36.6 ("C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver)
Program: Google Chrome by Google Inc. 64.0.3282.140 ("C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\Installer\setup.exe" --uninstall --system-level --verbose-logging)
Program: NordVPN by NordVPN 6.11.11 (C:\ProgramData\Caphyon\Advanced Installer\{268B3D75-199F-4844-9AFF-36A629814C8B}\NordVPNSetup.exe /i {268B3D75-199F-4844-9AFF-36A629814C8B} AI_UNINSTALLER_CTP=1)
Program: Norton Security by Symantec Corporation 22.10.0.85 ("C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS\A5E82D02\22.10.0.85\InstStub.exe" /X /ARP)
Program: Norton Security Scan by Symantec Corporation 4.6.1.145 (C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\InstWrap.exe)
Program: Reason Core Security by Reason Software Company Inc. 1.1.0.0 ("C:\Program Files\Reason\Security\uninstall.exe")
Program: Tweaking.com - Windows Repair by Tweaking.com 4.0.13 ("C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml")
Program: Google Toolbar for Internet Explorer by Google Inc. 1.0.0 (MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C})
Program: Comodo Dome Shield IP Updater Agent by COMODO 1.0.0.2 (MsiExec.exe /I{302BFEBD-A200-4588-A734-22D77AE90DD4})
Program: MSI Live Update 6 by MSI 6.2.0.27 ("C:\Program Files (x86)\MSI\Live Update\unins000.exe")
Program: Google Update Helper by Google Inc. 1.3.33.7 (MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA})
Program: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe"  /uninstall)
Program: MSIRegister by MSI 2.0.0.10 ("C:\MSI\MSIRegister\unins000.exe")
Program: Comodo Shield Agent by COMODO 1.2.0.6 (MsiExec.exe /I{89047C23-659B-4718-BD55-8950BC33353E})
Program: Zemana AntiMalware by Zemana Ltd. 2.74.0.150 ("C:\Program Files (x86)\Zemana AntiMalware\unins000.exe")
Program: AntiLogger Free version 1.8.2.320 by Zemana Ltd. 1.8.2.320 ("C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe")
Program: Intel® Chipset Device Software by Intel® Corporation 10.1.1.9 ("C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall)
Program: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 by Microsoft Corporation 12.0.21005.1 ("C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe"  /uninstall)
Program: Windows 10 Update Assistant by Microsoft Corporation 1.4.9200.22350 ("C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall)
Program: Killer Performance Suite by Rivet Networks 1.1.57.1125 ("C:\Program Files (x86)\InstallShield Installation Information\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}\PerformanceSuite.exe" -remove -runfromtemp)
Program: Microsoft OneDrive by Microsoft Corporation 17.3.7294.0108 (C:\Users\Danny\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\OneDriveSetup.exe  /uninstall )
 
 
 
 
 
 
 
Emsisoft Scan
 
 
Emsisoft Anti-Malware - Version 2018.1.0.8407
Last update: 2/7/2018 2:15:36 AM
Initiated by: DANNY-PC\Danny
Computer name: DANNY-PC
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: 
Objects: Rootkits, Memory, Traces, C:\, D:\, C:\Users\Danny\, C:\Users\Danny\Desktop\, C:\Users\Danny\Documents\, C:\Users\Danny\Downloads\, C:\Users\Danny\Music\, C:\Users\Danny\Pictures\, C:\Users\Danny\Videos\, E:\
 
Detect PUPs: On
Scan archives: On
Scan mail archives: On
ADS Scan: On
File extension filter: On
Inclusion filter: |.asp|.bat|.cab|.cgi|.chm|.cla|.class|.cmd|.com|.cpl|.ini|.css|.dll|.elf|.exe|.hlp|.hta|.htm|.html|.zip|.wh|.jar|.jpe|.jpeg|.jpg|.js|.jse|.lnk|.ocx|.php|.pif|.rar|.xpi|.reg|.scr|.sh|.shs|.src|.sys|.txt|.vbs|.vxd|.wmf|.doc|.docx|.xls|.xlsx|.ppt|.pptx|.pdf|
Direct disk access: On
 
Scan start: 2/7/2018 2:21:15 AM
 
Scanned 275654
Found 0
 
Scan end: 2/7/2018 2:27:34 AM
Scan time: 0:06:19
 


#6 frazz


Posted 07 February 2018 - 02:30 AM

Zemana AntiMalware 2.74.179.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/2/7
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-4690K CPU @ 3.50GHz
BIOS Mode              : UEFI
CUID                   : 00A1B54E0CD60D4BB4EA6B
Scan Type              : System Scan
Duration               : 1m 22s
Scanned Objects        : 52368
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Proxy Server (User)
Status             : Scanned
Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = 216.173.157.159:1000
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 
 
 
Zemana


#7 frazz


Posted 07 February 2018 - 02:32 AM

Here is a recent FRST scan 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Danny (administrator) on DANNY-PC (07-02-2018 01:33:58)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\NPE.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 162.242.211.137
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [DhcpNameServer] 192.168.1.1 162.242.211.137
 
Internet Explorer:
==================
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.9.0.71\coIEPlg.dll [2017-02-20] (Symantec Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2018-02-07] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://www.tunnelbear.com
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (TunnelBear Blocker) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2018-02-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-06]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (uBlock Origin) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-06]
CHR Extension: (Sheets) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (TunnelBear Inc.) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-02-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2018-02-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.0.71\Exts\Chrome.crx [2018-02-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [76192 2017-12-18] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R1 SMR520; C:\Windows\System32\drivers\SMR520.SYS [119960 2018-02-07] (Symantec Corporation)
R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2018-02-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\Drivers\ksecpkg.sys ECC7F3CDF34AAA49C00504466FC2B698
C:\Windows\system32\drivers\ksthunk.sys 4ED115CD1A1099705F56B5E0FFF97CC6
C:\Windows\System32\drivers\lltdio.sys 5933A6673F00D8255C52957E40C2D601
C:\Windows\System32\drivers\lsi_sas.sys 8E1B0946948CCC0BC1FA3CB70374A795
C:\Windows\System32\drivers\lsi_sas2i.sys 4F68163FC04C973500DC4DA0946917B0
C:\Windows\System32\drivers\lsi_sas3i.sys E5AC5F2815938651CDCC27F425474673
C:\Windows\System32\drivers\lsi_sss.sys CCF6EC9FB9B8F18E05B4253E81013E48
C:\Windows\system32\drivers\luafv.sys C9579D32219E5B936AC3A48D470117EC
C:\Windows\System32\Drivers\MbamChameleon.sys C3C2C7E2EEFECD88A76FF626E72BF123
C:\Windows\system32\DRIVERS\farflt.sys 20046A5DB1466EBD0DCAEB84D00C5432
C:\Windows\system32\DRIVERS\mbam.sys 29BD0BB2CD7E37B8C248CFA933FBD1F4
C:\Windows\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\Windows\system32\DRIVERS\mwac.sys 482F6D603BDCC825768D86D8228BD65F
C:\Windows\System32\drivers\megasas.sys C3CDCCF07486BD2616A7B82946E07AC0
C:\Windows\System32\drivers\megasr.sys FADB2FE017E69EECE0E1BA78661C2E8C
C:\Windows\System32\drivers\TeeDriverW8x64.sys F1E754DEEB3369BCCE2228D5C10DE101
C:\Windows\System32\drivers\mlx4_bus.sys FD60818B66B2E8A5415EA840E99A9D8F
C:\Windows\system32\drivers\mmcss.sys 68F6977F1CFBAAC770D940A8C0326FA1
C:\Windows\System32\drivers\modem.sys D842ADDB5911945D51F61A0B1C8F36E3
C:\Windows\System32\drivers\monitor.sys 9CCCB7FC3EDADEBA461D78615A6011A6
C:\Windows\System32\drivers\mouclass.sys 27A07B2FB2E3057DA8DAEA4F25D843C7
C:\Windows\System32\drivers\mouhid.sys 7BD6E7F7C9001AB21B8362CFFEE80B25
C:\Windows\System32\drivers\mountmgr.sys F5BDAEE4B7D369D4C74668DCFBA3FF10
C:\Windows\System32\drivers\mpsdrv.sys 30844BD376F9D01E62C820BEF446F1F8
C:\Windows\system32\drivers\mrxdav.sys 50C2389CD04C5B8632E3DC2D733EF15D
C:\Windows\System32\DRIVERS\mrxsmb.sys C9BB4E2FCAB693FEB00CF940060D94F4
C:\Windows\System32\DRIVERS\mrxsmb10.sys 8F58AEAE00B39AC9AD93755E777B19D8
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6C83C4A8278E48455DA13E554CEB45F1
C:\Windows\System32\drivers\bridge.sys 74C9D21523DAE0C18F413C196DF0058A
C:\Windows\System32\Drivers\Msfs.sys F01B849D9D4A8CEAF32D4FDBD0B83C92
C:\Windows\System32\drivers\msgpiowin32.sys 22ECD8F5D1DFADF2011BBB1700CB871D
C:\Windows\System32\drivers\mshidkmdf.sys FD870F6968A145E4D2BA8A8842686B03
C:\Windows\System32\drivers\mshidumdf.sys 30364757963A028CE5DF0FBAAC270173
C:\Windows\System32\drivers\msisadrv.sys 6BB0FEDDAE7135FA37FFAFF4D9E0E876
C:\Windows\system32\DRIVERS\MSKSSRV.sys 13D614E6B51ECF36746C48CE829FA7F6
C:\Windows\System32\drivers\mslldp.sys 642CDE46351D5D2D90311E77072AB46D
C:\Windows\system32\DRIVERS\MSPCLOCK.sys F2302A5CE63CA7673200FAFCEEEDB6AF
C:\Windows\system32\DRIVERS\MSPQM.sys 6114512EA26E835BA522C63635429DB5
C:\Windows\System32\Drivers\MsRPC.sys AA538E16E644D00E3BA5349BBA9598EC
C:\Windows\System32\drivers\mssecflt.sys 7ACFE7435317E791FF9EED2F49B402F2
C:\Windows\System32\drivers\mssmbios.sys 0543BEFD41EC4D25C7F7CF36409CEC7D
C:\Windows\system32\DRIVERS\MSTEE.sys C1569E4DB8EFE3617847BF041A3C842F
C:\Windows\System32\drivers\MTConfig.sys 130B16970154BA9876B09E5C4BAC63BE
C:\Windows\System32\Drivers\mup.sys 15D987C8F6CCD4AC94E070C5986762CB
C:\Windows\System32\drivers\mvumis.sys 3D2C5B4995CA0751D32DEA0DE9FDFE44
C:\Windows\System32\DRIVERS\nwifi.sys DB31EBB04C871F422C36A0962DA7D38B
C:\Windows\System32\drivers\ndfltr.sys 629CB21AC49C8867E0F29DF1C16DB7B4
C:\Windows\System32\drivers\ndis.sys 36DD2C614720EC2970CB5E870BA69D8D
C:\Windows\System32\drivers\ndiscap.sys 6DD605338FAAF6BA17662AA874E0D162
C:\Windows\System32\drivers\NdisImPlatform.sys E34196F285F8B8879E1FF36C31F7179E
C:\Windows\System32\DRIVERS\ndistapi.sys 1FAD2398673F30CEC616B89C46B7DCBA
C:\Windows\System32\drivers\ndisuio.sys AEB8ECBE66CC46854066CB1F5623E179
C:\Windows\System32\drivers\NdisVirtualBus.sys 7340104C2BF2F126714F7CDE85E63610
C:\Windows\System32\drivers\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\ndiswan.sys 07ADC1F8DCBEB8104D75129B11584B8C
C:\Windows\System32\DRIVERS\NDProxy.sys 78A12E3DF035B5D054986949B19BE43C
C:\Windows\System32\drivers\Ndu.sys 04C8859355C1DC9C0FA198D1894D71C2
C:\Windows\System32\drivers\NetAdapterCx.sys 6C76780A01FC2B885BD6E957B5C36B02
C:\Windows\System32\drivers\netbios.sys 5D1513BD6430307C9DB86C6E351372ED
C:\Windows\System32\DRIVERS\netbt.sys 6FEBB0A847FFD5F057B9AC8889F1B9A7
C:\Windows\System32\Drivers\Npfs.sys 001CBD7A2CD45C4EB39C01C3C677EF73
C:\Windows\System32\drivers\npsvctrig.sys 90F5DC9802AAA00CD0B6E2AD9E7FFADC
C:\Windows\System32\drivers\nsiproxy.sys 0C6218321A09A7B51BA7FFAFBA4CCB21
C:\Windows\System32\Drivers\NTFS.sys D1AF837A1555990602A51A3ED238EC80
C:\Windows\System32\Drivers\Null.sys 6E6DD6F9DD2A034CF85E94047DBDB992
C:\Windows\system32\drivers\nvhda64v.sys 8DE05D2A2C15D1A42F7BA85A819DEE0C
C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys 66ED27A828302B0E1FFF74DBB912A9DF
C:\Windows\System32\drivers\nvraid.sys D261DF41F0840F734856A2B4F5E072C7
C:\Windows\System32\drivers\nvstor.sys 23B702B555EB0436B9DAA0BC63DA65CE
C:\Windows\System32\drivers\nvstusb.sys 28ED9DA419D92A2C3C805DC3C0E2718F
C:\Windows\System32\drivers\parport.sys 6B81BF7853D161DB8AC62CD8B9C2DE6B
C:\Windows\System32\drivers\partmgr.sys F9C32E5ECA5D29852A93C3888A4CC4B2
C:\Windows\System32\drivers\pci.sys 55E45E0A89429AE9C62D728B9C4891C0
C:\Windows\System32\drivers\pciide.sys 214DCC87E3898F738075D1341252A552
C:\Windows\System32\drivers\pcmcia.sys AED76A3333B3A31536E430020E0226FC
C:\Windows\System32\drivers\pcw.sys E63FB38B6E75B39467492FBAD2CD512A
C:\Windows\System32\drivers\pdc.sys 2CCD68D8A6BBFF2DE0EC54F086C5F3BC
C:\Windows\System32\drivers\peauth.sys 1509A77F840AA9E72CF8247D0CF2FBDE
C:\Windows\System32\drivers\percsas2i.sys 540116170E2135FCD5DDE77702166B67
C:\Windows\System32\drivers\percsas3i.sys 8356F87553BF49C703CF382033815898
C:\Windows\System32\drivers\raspptp.sys 5645B9D9788CCA2C88B9534996ED2D6D
C:\Windows\System32\drivers\processr.sys 372913E12677A8CBBBABDD8311894F9D
C:\Windows\System32\drivers\pacer.sys FC98407B85A31161851FDE245517574F
C:\Windows\system32\drivers\qwavedrv.sys 819602BBBFDB0BD46DEA3715BF0DD452
C:\Windows\System32\DRIVERS\rasacd.sys CDF47037A0939F56D11F699629C276AD
C:\Windows\System32\drivers\AgileVpn.sys 28C2EA278070EE12701D0EDF8CB0EC36
C:\Windows\System32\drivers\rasl2tp.sys 17E565710172ED71B8531D8822E1C5D1
C:\Windows\System32\DRIVERS\raspppoe.sys 9387DF155233D45D4E010F4F2FB52A57
C:\Windows\System32\drivers\rassstp.sys F0F4EEDEEBEE7A4244FAFB96A16B5712
C:\Windows\System32\DRIVERS\rdbss.sys BBE0FC9C9E7C556DA6E6E6904739DF7E
C:\Windows\System32\drivers\rdpbus.sys 79A415E6FA915EFC00297DAB16EC2635
C:\Windows\System32\drivers\rdpdr.sys 7135785C21CA79D270D11037C43D3F19
C:\Windows\System32\drivers\rdpvideominiport.sys 97A61A3CB2B5CB4FC32B3224EF333448
C:\Windows\System32\drivers\rdyboost.sys 69BB204AE07EE84ECFAB1BF13C4BD04B
C:\Windows\System32\Drivers\ReFSv1.sys 940D6F5A2B0A61EE4170DF84F6C95C20
C:\Windows\System32\drivers\rspndr.sys 5FF28F097C9699097B473F8FC7C1AA7D
C:\Windows\System32\drivers\vms3cap.sys B5DAEE69BACA64D2BB004568E22D8756
C:\Windows\System32\drivers\sbp2port.sys 5E73FB63E2DBC75FE0C17DEB0010CE0E
C:\Windows\System32\DRIVERS\scfilter.sys 3D9A82B03C92D1FEC42CB171D6F57778
C:\Windows\System32\drivers\scmbus.sys 9055ADDFBA4C8B914C914CE693B55C0A
C:\Windows\System32\drivers\scmdisk0101.sys B6F2363584E62960846F7C3F00124A4F
C:\Windows\System32\drivers\sdbus.sys FCBB8A17B4437B2CA8CC8DA8CB1D306E
C:\Windows\System32\drivers\sdstor.sys 120DFCB71D6C502613A9E2D50E16850C
C:\Windows\System32\drivers\SerCx.sys 401D706DDC0A7AF18C3DD228ADF74551
C:\Windows\System32\drivers\SerCx2.sys 7084D11083F0CDCA8B5C76F9846ABF5D
C:\Windows\System32\drivers\serenum.sys 3FF478A8ED32A83C36581425F6282B6C
C:\Windows\System32\drivers\serial.sys 92509187AA171A80521528B36F753E1D
C:\Windows\System32\drivers\sermouse.sys 433D38FF6D08B993847EA2A10EB8CB52
C:\Windows\System32\drivers\sfloppy.sys 697D3EE0740AEAB62B66ABCA1C83D13B
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\SMR520.SYS B249D9E3295F0E5A2B7EA1C4EC71FCB3
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS D584182DA13EA48D9025C1D61FB72FFB
C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS 36794962FAB0081D73D61E364EFD05DD
C:\Windows\System32\DRIVERS\srv.sys EDCDCD95B916DB156A903AC6256F0CCF
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
C:\Windows\System32\DRIVERS\srvnet.sys 416D224AF7481A4179F018FB1F9A5B6B
C:\Windows\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\Windows\System32\drivers\storahci.sys 0FE3B9A9E40DE1029B0AC2368A3F765D
C:\Windows\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\Windows\System32\drivers\stornvme.sys C1CFB9C19BF1134D8B9A7CF89BEC0AD1
C:\Windows\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\Windows\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\Windows\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\Windows\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS 524DA42A8CE7D57319569042DEDE790F
C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys 8EB1D78B7FB4F8632E4777636FECE3D9
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 795F3D7EADA700EA18DF8DE490925C7E
C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS D1FDDADC2656601FF4E65D1B2653ED50
C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS A0F063F986EA89A0E5B2C95795E8D91A
C:\Windows\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpipreg.sys 8DBB1BE20C36E6D19BCC89EEA00B953C
C:\Windows\system32\DRIVERS\tdx.sys 9D2DD64A0B51C56285512DC9454340F6
C:\Windows\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\Windows\System32\drivers\tpm.sys 798C8CB861EB09C5AFB77468E5449BBB
C:\Windows\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\Windows\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\Windows\System32\drivers\tsusbhub.sys 5A91FDBA4D3FCB56DAEB8C091B3EB8E1
C:\Windows\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\Windows\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\Windows\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\Windows\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\Windows\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\Windows\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\Windows\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\Windows\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\Windows\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\Windows\system32\drivers\UevAgentDriver.sys 166B17AE1DD24D8BA8CA474C7C31148F
C:\Windows\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\Windows\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\Windows\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\Windows\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\Windows\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\Windows\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\Windows\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\Windows\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\Windows\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\Windows\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\Windows\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\Windows\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\Windows\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\Windows\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\Windows\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\Windows\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\Windows\System32\drivers\USBSTOR.SYS 0CC16F7B91C57AE9A4E44425A295FDAA
C:\Windows\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\Windows\System32\drivers\USBXHCI.SYS 95BCCEFBC40D06484CF16144FE79B8A5
C:\Windows\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\Windows\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\Windows\System32\drivers\vhdmp.sys C12B4859FC255AA6B3021CF8BB14A11F
C:\Windows\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\Windows\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\Windows\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\Windows\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\Windows\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\Windows\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\Windows\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\Windows\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\Windows\System32\drivers\vpci.sys 04BEC879AD7B3FDDD0339B19FECB0160
C:\Windows\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\Windows\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\Windows\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\Windows\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\Windows\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\system32\drivers\wcifs.sys CD24DEEA22152524CCFE859591D12A57
C:\Windows\system32\drivers\wcnfs.sys AEA1093B751339267D8C8C1EF3D669CF
C:\Windows\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\Windows\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\Windows\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\Windows\System32\DRIVERS\wdiwifi.sys 373DF27CD5D5E50FFA2A90FEE0C0D994
C:\Windows\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\Windows\System32\drivers\wfplwfs.sys E1785942AC51FEE6826CDF02075C5AA9
C:\Windows\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\Windows\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\Windows\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\Windows\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\Windows\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys EDADABA8665AB5C51BF59C4E2566BA7E
C:\Windows\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\Windows\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\Windows\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\Windows\System32\drivers\WudfRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\System32\drivers\xboxgip.sys 59335CEA021FB89E07AD5DB5D17F09D0
C:\Windows\System32\drivers\xinputhid.sys 864F4209B03BE4267DDE09B067A165CA
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-07 01:33 - 2018-02-07 01:34 - 000039828 _____ C:\Users\Danny\Desktop\FRST.txt
2018-02-07 01:33 - 2018-02-07 01:33 - 000119960 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR520.SYS
2018-02-07 01:33 - 2018-02-07 01:33 - 000000020 _____ C:\Windows\system32\Drivers\SMR520.dat
2018-02-07 01:33 - 2018-02-07 01:33 - 000000000 ____D C:\FRST
2018-02-07 01:31 - 2018-02-07 01:33 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-02-07 01:31 - 2018-02-07 01:33 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2018-02-07 01:30 - 2018-02-07 01:30 - 001875480 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mbae-setup-1.10.1.41.exe
2018-02-07 01:27 - 2018-02-07 01:32 - 000000000 ____D C:\AdwCleaner
2018-02-07 01:26 - 2018-02-07 01:26 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-07 01:10 - 2018-02-07 01:10 - 000000000 ____D C:\ProgramData\Emsisoft
2018-02-07 01:07 - 2018-02-07 01:23 - 000000000 ____D C:\EEK
2018-02-07 01:03 - 2018-02-07 01:33 - 000000000 ____D C:\Users\Danny\AppData\Local\NPE
2018-02-07 00:48 - 2018-02-07 00:48 - 000000000 ____D C:\ProgramData\Sophos
2018-02-07 00:42 - 2018-02-07 00:46 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2018-02-07 00:40 - 2018-02-07 00:40 - 000102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-02-07 00:40 - 2018-02-07 00:40 - 000008298 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-02-07 00:40 - 2018-02-07 00:40 - 000003374 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-02-07 00:40 - 2018-02-07 00:40 - 000002206 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ____D C:\Program Files\Norton Security
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-02-07 00:38 - 2018-02-07 01:33 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-07 00:37 - 2018-02-07 01:33 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-07 00:37 - 2018-02-07 00:37 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-07 00:37 - 2018-02-07 00:37 - 000000000 ____D C:\Users\Danny\AppData\Local\CrashDumps
2018-02-07 00:34 - 2018-02-07 00:34 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-02-07 00:33 - 2018-02-07 00:37 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-02-07 00:33 - 2018-02-07 00:33 - 000004344 _____ C:\Windows\System32\Tasks\Norton Security Scan for Danny
2018-02-07 00:33 - 2018-02-07 00:33 - 000001537 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-02-07 00:32 - 2018-02-07 01:03 - 000000000 ____D C:\ProgramData\Norton
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\Program Files\Killer Networking
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2018-02-07 00:31 - 2018-02-07 00:31 - 000000000 ____D C:\ProgramData\Google
2018-02-07 00:31 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files\Google
2018-02-07 00:30 - 2018-02-07 00:30 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-02-07 00:30 - 2018-02-07 00:30 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-07 00:30 - 2018-02-07 00:30 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-02-07 00:26 - 2018-02-07 00:40 - 316743568 _____ C:\Users\Danny\Desktop\EmsisoftEmergencyKit.exe
2018-02-07 00:25 - 2018-02-07 00:34 - 190709032 _____ (Sophos Limited) C:\Users\Danny\Desktop\Sophos Virus Removal Tool.exe
2018-02-07 00:25 - 2018-02-07 00:25 - 021003576 _____ (Adlice Software ) C:\Users\Danny\Desktop\UCheck_setup.exe
2018-02-07 00:13 - 2018-02-07 01:33 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-07 00:13 - 2018-02-07 00:24 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Danny\Desktop\EmsisoftAntiMalwareSetup_bc.exe
2018-02-07 00:12 - 2018-02-07 01:33 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-07 00:12 - 2018-02-07 00:19 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-07 00:12 - 2018-02-07 00:12 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-07 00:11 - 2018-02-07 00:11 - 000003340 _____ C:\Windows\System32\Tasks\MSI_Toast_Server
2018-02-07 00:11 - 2018-02-07 00:11 - 000002104 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\Program Files (x86)\MSI
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\MSI
2018-02-07 00:11 - 2014-04-30 16:23 - 000011248 _____ (Windows ® Win 7 DDK provider) C:\Windows\acpimof.dll
2018-02-07 00:10 - 2018-02-07 00:35 - 000003642 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-07 00:10 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\Desktop\LiveUpdate
2018-02-07 00:10 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\AppData\Roaming\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 002220872 _____ C:\Users\Danny\Desktop\winrar-x64-550.exe
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\Program Files\WinRAR
2018-02-07 00:08 - 2018-02-07 00:30 - 000840384 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-07 00:08 - 2018-02-07 00:08 - 013317720 _____ C:\Users\Danny\Desktop\LiveUpdate.zip
2018-02-07 00:08 - 2018-02-07 00:08 - 002393088 _____ (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2018-02-07 00:07 - 2018-02-07 00:07 - 000001209 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Users\Danny\AppData\Local\Zemana
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Users\Danny\AppData\Local\AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2018-02-07 00:07 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2018-02-07 00:06 - 2018-02-07 00:11 - 083316440 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-02-07 00:06 - 2018-02-07 00:06 - 003719928 _____ (Zemana Ltd. ) C:\Users\Danny\Desktop\AntiLoggerFree_Setup.exe
2018-02-07 00:05 - 2018-02-07 00:05 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DANNY-PC-Windows-10-Pro-(64-bit).dat
2018-02-07 00:02 - 2018-02-07 00:02 - 000002232 _____ C:\Users\Danny\Desktop\Tweaking.com - Windows Repair.lnk
2018-02-07 00:00 - 2018-02-07 00:00 - 000003768 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-02-07 00:00 - 2018-02-07 00:00 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-06 23:59 - 2018-02-07 00:02 - 000194554 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-02-06 23:59 - 2018-02-06 23:59 - 038149352 _____ (Tweaking.com) C:\Users\Danny\Desktop\tweaking.com_windows_repair_aio_setup.exe
2018-02-06 23:59 - 2018-02-06 23:59 - 008206624 _____ (Malwarebytes) C:\Users\Danny\Desktop\AdwCleaner.exe
2018-02-06 23:59 - 2018-02-06 23:59 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-06 23:58 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\AppData\Local\DisconnectDesktop
2018-02-06 23:58 - 2018-02-06 23:58 - 038149352 _____ (Tweaking.com) C:\Users\Danny\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Disconnect
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Local\PeerDistRepub
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Local\Caphyon
2018-02-06 23:57 - 2018-02-06 23:58 - 070839856 _____ (Disconnect) C:\Users\Danny\Downloads\Disconnect+Desktop.exe
2018-02-06 23:53 - 2018-02-06 23:53 - 000000000 ____D C:\IndexDatta
2018-02-06 23:52 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-06 23:52 - 2018-02-07 00:00 - 000000000 ____D C:\Users\Danny\AppData\Local\Google
2018-02-06 23:52 - 2018-02-06 23:52 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-06 23:52 - 2018-02-06 23:52 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-06 23:52 - 2018-02-06 23:52 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-06 23:52 - 2018-02-06 23:52 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-06 23:51 - 2018-02-06 23:51 - 001129816 _____ (Google Inc.) C:\Users\Danny\Desktop\ChromeSetup.exe
2018-02-06 23:49 - 2018-02-06 23:49 - 000000000 ____D C:\Users\Danny\AppData\Local\MicrosoftEdge
2018-02-06 23:43 - 2018-02-06 23:43 - 000000000 ____D C:\Users\Danny\AppData\Local\ElevatedDiagnostics
2018-02-06 23:34 - 2018-02-06 23:34 - 000000000 ____D C:\Users\Danny\AppData\Local\Comms
2018-02-06 23:21 - 2018-02-06 23:21 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282559497-451337721-2173362044-1001
2018-02-06 23:20 - 2018-02-07 01:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-06 23:19 - 2018-02-06 23:21 - 000002363 _____ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-06 23:19 - 2018-02-06 23:21 - 000000000 ___RD C:\Users\Danny\OneDrive
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ___HD C:\$GetCurrent
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ____D C:\Windows10Upgrade
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-06 23:18 - 2018-02-07 01:33 - 000000000 __SHD C:\Users\Danny\IntelGraphicsProfiles
2018-02-06 23:18 - 2018-02-06 23:51 - 000000000 ____D C:\Users\Danny\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:18 - 2018-02-06 23:36 - 000000000 ____D C:\Users\Danny\AppData\Local\Packages
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Adobe
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\VirtualStore
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\TileDataLayer
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\Publishers
2018-02-06 23:17 - 2018-02-06 23:40 - 000000000 ____D C:\Users\Danny
2018-02-06 23:17 - 2018-02-06 23:17 - 000000020 ___SH C:\Users\Danny\ntuser.ini
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ___SD C:\Windows\UpdateAssistantV2
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:16 - 2018-02-07 00:41 - 000840820 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-06 23:16 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0
2018-02-06 23:16 - 2018-02-06 23:16 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2018-02-06 23:16 - 2017-11-17 23:23 - 000038744 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2018-02-06 23:14 - 2016-07-16 06:41 - 002716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\Default User
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\All Users
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Documents and Settings
2018-02-06 23:11 - 2018-02-07 01:33 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-06 23:11 - 2018-02-07 01:33 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-06 23:11 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files\Intel
2018-02-06 23:11 - 2018-02-06 23:17 - 000000000 ____D C:\Intel
2018-02-06 23:11 - 2018-02-06 23:11 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOShared
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-02-06 23:11 - 2017-10-27 11:36 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-06 23:11 - 2017-10-27 11:12 - 005960824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 002587768 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 001766520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 000607168 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 000449656 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 000123000 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-06 23:11 - 2017-10-27 11:12 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-06 23:11 - 2017-10-25 05:33 - 007802921 _____ C:\Windows\system32\nvcoproc.bin
2018-02-06 23:11 - 2017-10-20 16:43 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2018-02-06 23:10 - 2018-02-07 01:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-06 23:10 - 2018-02-07 01:32 - 000194192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-06 23:10 - 2018-02-06 23:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:11 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:10 - 000012856 ____N C:\bootsqm.dat
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\ServiceProfiles
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-06 22:18 - 2018-02-06 23:16 - 000000000 ___DC C:\Windows\Panther
2018-02-06 22:18 - 2018-02-06 22:41 - 000000000 ____D C:\Windows.old
2018-02-06 22:18 - 2018-02-06 22:18 - 000008192 _____ C:\Windows\system32\config\userdiff
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\sysprep
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\Setup
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\OCR
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\InfusedApps
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\DigitalLocker
2018-02-06 22:17 - 2016-07-16 06:44 - 000828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 22:17 - 2016-07-16 06:44 - 000176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 22:16 - 2018-02-07 01:33 - 000000000 ____D C:\Windows\AppReadiness
2018-02-06 22:16 - 2018-02-07 01:10 - 000000000 ____D C:\Windows\system32\NDF
2018-02-06 22:16 - 2018-02-07 00:40 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-02-06 22:16 - 2018-02-07 00:10 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_571
2018-02-06 22:16 - 2018-02-06 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\oobe
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\spool
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-06 22:16 - 2018-02-06 23:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\PrintDialog
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\MiracastView
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\system32\Sysprep
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\Help
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\CSC
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOPrivate
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\TxR
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\RegBack
2018-02-06 22:16 - 2018-02-06 22:40 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\dsc
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\oobe
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SystemApps
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\setup
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\migwiz
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\IME
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\System
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RSD C:\Windows\Media
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\Downloaded Program Files
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___RD C:\Windows\Offline Web Pages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Web
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Vss
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\tracing
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\TAPI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\SMI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\NDF
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\FxsTmp
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SystemResources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\winevt
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ProximityToast
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\PointOfService
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ias
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\DDFs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\config\systemprofile
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\config\Journal
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\System
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SKB
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ShellExperiences
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\security
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SchCache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Resources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\rescache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\RemotePackages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Registration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Provisioning
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\PLA
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Performance
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ModemLogs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\LiveKernelReports
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\L2Schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Globalization
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\GameBarPresenceWriter
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Cursors
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Branding
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\bcastdvr
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\appcompat
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\addins
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\ProgramData\Comms
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Common Files\Services
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:15 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\SysWOW64\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\system32\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000017463 _____ C:\Windows\system32\Drivers\etc\services
2018-02-06 22:16 - 2018-02-06 22:15 - 000015462 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2018-02-06 22:16 - 2018-02-06 22:15 - 000004096 _____ C:\Windows\system32\config\VSMIDK
2018-02-06 22:16 - 2018-02-06 22:15 - 000003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2018-02-06 22:16 - 2018-02-06 22:15 - 000001358 _____ C:\Windows\system32\Drivers\etc\protocol
2018-02-06 22:16 - 2018-02-06 22:15 - 000000858 _____ C:\Windows\system32\DefaultQuestions.json
2018-02-06 22:16 - 2018-02-06 22:15 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts_bak_288
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\system32\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000407 _____ C:\Windows\system32\Drivers\etc\networks
2018-02-06 22:16 - 2018-02-06 22:15 - 000000219 _____ C:\Windows\system.ini
2018-02-06 22:16 - 2018-02-06 22:15 - 000000092 _____ C:\Windows\win.ini
2018-02-06 22:16 - 2017-10-20 16:43 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2018-02-06 22:15 - 2018-02-07 00:32 - 000000000 ____D C:\Windows\INF
2018-02-06 22:13 - 2018-02-07 01:32 - 064749568 _____ C:\Windows\system32\config\SOFTWARE
2018-02-06 22:13 - 2018-02-07 01:32 - 012845056 _____ C:\Windows\system32\config\SYSTEM
2018-02-06 22:13 - 2018-02-07 01:32 - 000262144 _____ C:\Windows\system32\config\DEFAULT
2018-02-06 22:13 - 2018-02-07 01:32 - 000262144 _____ C:\Windows\system32\config\BBI
2018-02-06 22:13 - 2018-02-07 01:32 - 000065536 _____ C:\Windows\system32\config\SECURITY
2018-02-06 22:13 - 2018-02-07 01:31 - 000000000 ___RD C:\Program Files (x86)
2018-02-06 22:13 - 2018-02-07 00:42 - 000000000 ____D C:\Windows\CbsTemp
2018-02-06 22:13 - 2018-02-07 00:41 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-02-06 22:13 - 2018-02-06 23:09 - 000000000 ___HD C:\$SysReset
2018-02-06 22:13 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\servicing
2018-02-06 22:13 - 2018-02-06 22:17 - 000065536 _____ C:\Windows\system32\config\SAM
2018-02-06 22:13 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SMI
2018-02-06 22:13 - 2018-02-06 22:13 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-09 19:33 - 2016-09-28 20:15 - 000162120 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\e2xw10x64.sys
2017-11-09 04:41 - 2017-11-09 04:41 - 000504360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2017-11-09 04:40 - 2017-11-09 04:40 - 036248176 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 029279672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 001630248 _____ (NVIDIA Corporation) C:\Windows\system32\nvir3dgenco64.dll
2017-11-09 04:40 - 2017-11-09 04:40 - 000624240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000989808 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000940984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000514672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-11-09 04:39 - 2017-11-09 04:39 - 000054192 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001624168 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001108408 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001039800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000748144 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000607160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 000233904 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-11-09 04:37 - 2017-11-09 04:37 - 040246384 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 035165624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 004210288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-11-09 04:37 - 2017-11-09 04:37 - 003623024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 023474480 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 019212720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 013379352 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-11-09 04:30 - 2017-11-09 04:30 - 010986768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 001154296 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000902312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-11-09 04:26 - 2017-11-09 04:26 - 000810304 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 013994136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 011891200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 004533184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 003859848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001342008 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 001056720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 000648728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-11-09 03:57 - 2017-11-09 03:57 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\system32\nv-vk64.json
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {35969b89-0b6b-11e8-a194-abe35755e710}
                        {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
timeout                 1
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
displayorder            {current}
bootsequence            {35969b90-0b6b-11e8-a194-abe35755e710}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:CD/DVD Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Removable Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Network Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {35969b89-0b6b-11e8-a194-abe35755e710}
description             UEFI: Built-in EFI Shell 
 
Windows Boot Loader
-------------------
identifier              {35969b8d-0b6b-11e8-a194-abe35755e710}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
nx                      OptOut
bootmenupolicy          Standard
 
Resume from Hibernate
---------------------
identifier              {35969b91-0b6b-11e8-a194-abe35755e710}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {35969b8e-0b6b-11e8-a194-abe35755e710}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2018-02-06 23:10
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 01:34:31)
Running from C:\Users\Danny\Desktop
Windows 10 Pro Version 1607 (X64) (2018-02-07 04:17:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-282559497-451337721-2173362044-500 - Administrator - Disabled)
Danny (S-1-5-21-282559497-451337721-2173362044-1001 - Administrator - Enabled) => C:\Users\Danny
DefaultAccount (S-1-5-21-282559497-451337721-2173362044-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-282559497-451337721-2173362044-1000 - Limited - Disabled)
Guest (S-1-5-21-282559497-451337721-2173362044-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
Malwarebytes Anti-Exploit version 1.11.1.48 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.11.1.48 - Malwarebytes)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.27 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.10 - MSI)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.0.71 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.145 - Symantec Corporation)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {1E087CEA-BDF2-4455-A683-A8FA6DD163D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {22DC766C-9ACA-4FF3-8F57-8F1B27BB5E55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation)
Task: {3704827F-AF35-40D1-ACA9-DE5DA1C6633C} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {578689B9-C8D7-4E1F-854B-8553AF4A4FFA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {7494753E-4913-47AE-9451-CD65276B03A9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: {AF29A97C-32FC-45C5-A8F0-29FF0035D776} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {B497D2A1-24B5-4DDD-8A27-03A6DBB17510} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.)
Task: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 ____N () C:\Windows\SYSTEM32\ism32k.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\Windows\system32\igfxTray.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 06:43 - 2016-07-16 06:43 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000114176 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000115712 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000522752 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000040448 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 06:43 - 2016-07-16 09:27 - 000813056 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 06:43 - 2016-07-16 09:28 - 000963584 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 06:43 - 2016-07-16 09:28 - 000249344 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 06:43 - 2016-07-16 09:28 - 000572416 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 06:43 - 2016-07-16 09:28 - 000403968 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 06:43 - 2016-07-16 09:27 - 000183296 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 06:43 - 2016-07-16 09:27 - 000288256 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2018-02-07 00:11 - 2005-07-18 13:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-02-06 22:16 - 2018-02-07 01:32 - 000000830 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5C49212B-057E-4510-8D1B-76E2A28EB1F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62BE74E1-827D-4267-A0D6-249F15611F6A}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{4573D824-F365-4633-9F88-ABCE778E3671}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2018 01:23:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANNY-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2018 12:48:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:48:21 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x27f4
Faulting application start time: 0x01d39fd5bc8f3990
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 849c3fc3-e05e-43c7-ac88-0997205390f5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x2718
Faulting application start time: 0x01d39fd5bdd68853
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 770e9e3b-bb66-4748-8f56-6439b0a135eb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1308) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
Error: (02/07/2018 12:36:11 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1308) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
Error: (02/07/2018 12:34:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Killer Network Manager -- Error 2762. Cannot write script record. Transaction not started.
 
 
System errors:
=============
Error: (02/07/2018 01:33:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:33:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/07/2018 01:33:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/07/2018 01:33:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
Error: (02/07/2018 01:32:42 AM) (Source: DCOM) (EventID: 10010) (User: DANNY-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (02/07/2018 01:32:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/07/2018 01:32:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI Live Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/07/2018 01:32:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSIREGISTER_MR service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/07/2018 01:32:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/07/2018 01:32:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2018-02-07 01:33:02.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-02-07 01:08:08.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 01:07:59.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:53:01.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:52:41.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:52:29.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:52:15.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:52:03.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:51:50.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 00:47:13.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 17%
Total physical RAM: 15818.61 MB
Available physical RAM: 13065.08 MB
Total Virtual: 18762.61 MB
Available Virtual: 15930.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:195.3 GB) NTFS
Drive d: () (Fixed) (Total:223.55 GB) (Free:223.38 GB) NTFS
Drive e: (RT-AC3100) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 843B38AA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: D067D13D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Users shortcut scan result (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 01:34:52)
Running from C:\Users\Danny\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Danny\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Danny\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Danny\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Danny\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Danny ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Uninstall AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\MSIRegister.lnk -> C:\MSI\MSIRegister\MSIRegister.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\Uninstall MSIRegister.lnk -> C:\MSI\MSIRegister\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Uninstall Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Links\Desktop.lnk -> C:\Users\Danny\Desktop ()
Shortcut: C:\Users\Danny\Links\Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\Users\Danny\Links\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Windows Repair Help.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\help\windows_repair.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\MSI Live Update 6.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\Users\Public\Desktop\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Generate Log File\Generate Log File.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.) -> /CRASH
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Norton Security.lnk -> C:\Program Files\Norton Security\Engine\22.9.0.71\uiStub.exe (Symantec Corporation) -> /win8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Norton Security.lnk -> C:\Program Files\Norton Security\Engine\22.9.0.71\uiStub.exe (Symantec Corporation) -> /win8
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free on the Web.url -> URL: hxxp://www.zemana.com/
InternetURL: C:\Users\Danny\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Danny\Favorites\Links\Microsoft.com site search results (2).url -> BASEURL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10 URL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10#nav-downloads
InternetURL: C:\Users\Danny\Favorites\Links\Microsoft.com site search results.url -> BASEURL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10 URL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10#nav-downloads
 
==================== End of Shortcut.txt =============================
 


#8 frazz

Posted 07 February 2018 - 02:34 AM

Here is the fixlog because I do know how to use the tool... But don't forget I formatted this PC a couple hours ago; it doesn't even have the newest Win 10 yet. And I know about the multiple AVs; I was trying to get logs for you.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 01:50:02) Run:1
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start:
 
 
CloseProcesses:
EmptyTemp:
DeleteQuarantine:
Hosts:
RemoveProxy:
 
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\NPE.exe
 
 
CMD: netsh winsock reset catalog
CMD: netsh winsock reset c:\resetlog.txt
CMD: netsh winsock reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ip reset c:\log.txt
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
RemoveProxy:
bitsadmin /reset /allusers
CMD: bitsadmin /reset /allusers
 
 
 
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Task: Unhide: Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Task: Unhide: Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Task: Unhide: Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
Task: Unhide: Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks) Hidden
 
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
Task: RemoveKey: ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: RemoveKey: ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
Task: RemoveKey: ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
Task: RemoveKey: ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.9.0.71\buShell.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
Task: RemoveKey: ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.9.0.71\NavShExt.dll [2017-02-20] (Symantec Corporation)
Task: RemoveKey: ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
Task: RemoveKey: ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
 
 
Task: RemoveKey: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: RemoveKey: {1E087CEA-BDF2-4455-A683-A8FA6DD163D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: RemoveKey: {22DC766C-9ACA-4FF3-8F57-8F1B27BB5E55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation)
Task: RemoveKey: {3704827F-AF35-40D1-ACA9-DE5DA1C6633C} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: RemoveKey: {578689B9-C8D7-4E1F-854B-8553AF4A4FFA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {7494753E-4913-47AE-9451-CD65276B03A9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {AF29A97C-32FC-45C5-A8F0-29FF0035D776} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: RemoveKey: {B497D2A1-24B5-4DDD-8A27-03A6DBB17510} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: RemoveKey: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
Task: RemoveKey: R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
Task: RemoveKey: R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
Task: RemoveKey: R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
Task: RemoveKey: R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
Task: RemoveKey: R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
Task: RemoveKey: R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
Task: RemoveDirectory:  "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d 
Task: RemoveDirectory: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
Task: RemoveKey: R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
Task: RemoveKey: R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
Task: RemoveKey: R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [76192 2017-12-18] ()
Task: RemoveKey: R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
Task: RemoveKey: R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
Task: RemoveKey: R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
Task: RemoveKey: R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-07] (Malwarebytes)
Task: RemoveKey: R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
Task: RemoveKey: S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
Task: RemoveKey: R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
Task: RemoveKey: R1 SMR520; C:\Windows\System32\drivers\SMR520.SYS [119960 2018-02-07] (Symantec Corporation)
Task: RemoveKey: R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2018-02-07] (Symantec Corporation)
Task: RemoveKey: R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
Task: RemoveKey: R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
Task: RemoveKey: S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
Task: RemoveKey: S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
Task: RemoveKey: S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
Task: Restore: HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
Task: Restore: HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
Task: Restore: HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
Task: Restore: HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
Task: Restore: AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
 
 
RemoveProxy:
 
 
End:
 
 
*****************
 
Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
"C:\FRST\Quarantine" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe => No running process found
C:\Windows\System32\igfxCUIService.exe => No running process found
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe => No running process found
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe => Could not close process
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe => No running process found
C:\MSI\MSIRegister\MSIRegisterService.exe => No running process found
C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe => Could not close process
C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe => No running process found
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe => Could not close process
C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe => Could not close process
C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe => No running process found
C:\Windows\System32\igfxEM.exe => No running process found
C:\Windows\System32\igfxHK.exe => No running process found
C:\Windows\System32\igfxTray.exe => No running process found
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe => No running process found
C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe => Could not close process
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe => Could not close process
C:\Windows\syswow64\wbem\WmiPrvSE.exe => No running process found
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe => Could not close process
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe => No running process found
C:\Program Files (x86)\MSI\Live Update\Live Update.exe => No running process found
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\NPE.exe => No running process found
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset c:\resetlog.txt =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\log.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d0cb:21cb:458a:e804%4
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::2844:4e2:bcea:b88b%3
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::d0cb:21cb:458a:e804%4
   IPv4 Address. . . . . . . . . . . : 192.168.1.112
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::2844:4e2:bcea:b88b%3
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
bitsadmin /reset /allusers => Error: No automatic fix found for this entry.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}\\SystemComponent" => removed successfully
Task: Unhide: Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c7f54569-0018-439c-809a-48046a4d4ebc}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77C95134-CA2D-4614-9C86-55B7A6A281AA}\\SystemComponent" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
"HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}" => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM" => removed successfully
"HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\NvCplDesktopContext" => removed successfully
"HKLM\Software\Classes\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt" => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => key not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found
Task: RemoveKey: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com) => Error: No automatic fix found for this entry.
Task: RemoveKey: {1E087CEA-BDF2-4455-A683-A8FA6DD163D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {22DC766C-9ACA-4FF3-8F57-8F1B27BB5E55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {3704827F-AF35-40D1-ACA9-DE5DA1C6633C} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {578689B9-C8D7-4E1F-854B-8553AF4A4FFA} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {7494753E-4913-47AE-9451-CD65276B03A9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.0.71\WSCStub.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {AF29A97C-32FC-45C5-A8F0-29FF0035D776} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.0.71\SymErr.exe [2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {B497D2A1-24B5-4DDD-8A27-03A6DBB17510} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 NS; C:\Program Files\Norton Security\Engine\22.9.0.71\NS.exe [326160 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X] => Error: No automatic fix found for this entry.
Task: RemoveKey: R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 => Error: No automatic fix found for this entry.
"Task: "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d" => not found
"Task: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000" => not found
Task: RemoveKey: R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609000.047\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [76192 2017-12-18] () => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.) => Error: No automatic fix found for this entry.
Task: RemoveKey: R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SMR520; C:\Windows\System32\drivers\SMR520.SYS [119960 2018-02-07] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SRTSP; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSP64.SYS [760992 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609000.047\SRTSPX64.SYS [49312 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609000.047\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S0 SymELAM; C:\Windows\System32\drivers\NSx64\1609000.047\SymELAM.sys [24616 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2018-02-07] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609000.047\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609000.047\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X] => Error: No automatic fix found for this entry.
Task: RemoveKey: S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X] => Error: No automatic fix found for this entry.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: ZALFree" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: Live Update" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: MSIRegister" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Task: Restore: Malwarebytes Anti-Exploit" => not found
"Task: Restore: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL" => Value data not found.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-282559497-451337721-2173362044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
End: => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 567412 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8535690 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1916942 B
Edge => 5081112 B
Chrome => 42167778 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 5656 B
NetworkService => 5950 B
Danny => 8004725 B
 
RecycleBin => 0 B
EmptyTemp: => 63.2 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-02-2018 01:51:08)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => key could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => key could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => key could not remove. Access Denied.
 
==== End of Fixlog 01:51:08 ====


#9 frazz

  • Topic Starter

Posted 07 February 2018 - 02:42 AM

Here is an FRST log from just now

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Danny (administrator) on DANNY-PC (07-02-2018 02:36:22)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adlice Software) C:\Program Files\UCheck\UCheck64.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe
() C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\397cffd104f9525702c352b7f8a90682\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [636984 2017-03-29] (Gemalto)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Comodo Dome Shield Tray Helper] => C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe [1765176 2018-01-05] (COMODO Security Solutions)
HKLM-x32\...\Run: [Comodo Dome Shield IP Updater] => C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe [2117432 2017-12-15] (COMODO Security Solutions)
Winlogon\Notify\ScCertProp: 
Winlogon\Notify\ScCertProp: 
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5851936 2018-02-05] (NordVPN)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-282559497-451337721-2173362044-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [NameServer] 8.26.56.10,8.20.247.10
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b024e62-78d7-459f-bd93-21f3c937c18a}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2018-02-06] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (TunnelBear Blocker) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2018-02-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-06]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-02-07]
CHR Extension: (uBlock Origin) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-06]
CHR Extension: (Sheets) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-02-06]
CHR Extension: (Norton Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-02-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (TunnelBear Inc.) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-02-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9303352 2018-01-31] (Emsisoft Ltd)
R2 cShield; C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe [2019648 2018-01-05] (COMODO Security Solutions)
R2 dnscrypt-proxy; C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe [235520 2017-12-26] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [420640 2018-02-05] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [326144 2017-07-14] (Symantec Corporation)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [293656 2018-02-07] (Reason Software Company Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe [48696 2017-03-29] (Gemalto)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2017-03-29] (Aladdin Knowledge Systems, Ltd.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2018-02-07] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2017-03-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2017-03-29] (SafeNet, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2017-03-29] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2018-02-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-07] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-07 02:36 - 2018-02-07 02:36 - 000049497 _____ C:\Users\Danny\Desktop\FRST.txt
2018-02-07 02:35 - 2018-02-07 02:35 - 000145581 _____ C:\Users\Danny\Desktop\first frst.txt
2018-02-07 02:26 - 2018-02-07 02:26 - 000025667 _____ C:\Users\Danny\Desktop\core diagnostic 2.txt
2018-02-07 02:20 - 2018-02-07 02:36 - 000126148 _____ C:\Windows\ZAM.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:36 - 000018472 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-02-07 02:20 - 2018-02-07 02:20 - 000001217 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-02-07 02:20 - 2018-02-07 02:20 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-02-07 02:16 - 2018-02-07 02:16 - 000025159 _____ C:\Users\Danny\Desktop\core log.txt
2018-02-07 02:15 - 2018-02-07 02:15 - 000025635 _____ C:\Users\Danny\Desktop\wdwd.txt
2018-02-07 02:14 - 2018-02-07 02:14 - 000025637 _____ C:\Users\Danny\Desktop\RCSSD.txt
2018-02-07 02:13 - 2018-02-07 02:13 - 000000000 ____D C:\ProgramData\Reason
2018-02-07 02:12 - 2018-02-07 02:12 - 000291606 _____ C:\Users\Danny\Desktop\TCPView.zip
2018-02-07 02:12 - 2018-02-07 02:12 - 000003624 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2018-02-07 02:12 - 2018-02-07 02:12 - 000003474 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2018-02-07 02:12 - 2018-02-07 02:12 - 000000956 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2018-02-07 02:12 - 2018-02-07 02:12 - 000000000 ____D C:\Program Files\Reason
2018-02-07 02:11 - 2018-02-07 02:11 - 004257344 _____ (Reason Software Company Inc.) C:\Users\Danny\Desktop\reason-core-security-setup.exe
2018-02-07 02:10 - 2018-02-07 02:11 - 006625600 _____ (Zemana Ltd. ) C:\Users\Danny\Desktop\Zemana.AntiMalware.Setup.exe
2018-02-07 02:06 - 2018-02-07 02:27 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-02-07 02:06 - 2018-02-07 02:06 - 000000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2018-02-07 02:06 - 2018-02-07 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2018-02-07 02:01 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\e.txt
2018-02-07 01:59 - 2018-02-07 01:59 - 000001982 _____ C:\Users\Public\Desktop\NordVPN.lnk
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\NordVpn
2018-02-07 01:59 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Caphyon
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Local\NordVPN
2018-02-07 01:58 - 2018-02-07 01:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files\TAP-NordVPN
2018-02-07 01:58 - 2018-02-07 01:58 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-02-07 01:57 - 2018-02-07 01:59 - 000000000 ____D C:\Users\Danny\AppData\Roaming\NordVPN
2018-02-07 01:54 - 2018-02-07 02:04 - 000000036 _____ C:\Users\Danny\Desktop\weweew.txt
2018-02-07 01:54 - 2018-02-07 01:54 - 012822632 _____ (NordVPN) C:\Users\Danny\Desktop\NordVPNSetup.exe
2018-02-07 01:46 - 2018-02-07 02:01 - 000000036 _____ C:\Users\Danny\Desktop\mbytesscan2-7.txt
2018-02-07 01:40 - 2017-12-31 23:51 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2018-02-07 01:40 - 2017-12-31 23:49 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2018-02-07 01:40 - 2017-12-31 23:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-02-07 01:40 - 2017-12-31 23:48 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2018-02-07 01:40 - 2017-12-31 23:41 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-02-07 01:40 - 2017-12-31 23:39 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-02-07 01:40 - 2017-11-17 22:29 - 002321408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-02-07 01:40 - 2017-11-01 17:12 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2018-02-07 01:40 - 2017-11-01 17:05 - 000297984 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-02-07 01:40 - 2017-10-08 20:44 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-02-07 01:40 - 2017-10-08 20:43 - 001231360 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-02-07 01:40 - 2017-09-17 21:27 - 000326656 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-02-07 01:40 - 2017-09-07 00:53 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:52 - 000557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:51 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-09-07 00:18 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2018-02-07 01:40 - 2017-09-07 00:16 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2018-02-07 01:40 - 2017-09-07 00:15 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2018-02-07 01:40 - 2017-08-22 00:09 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-02-07 01:40 - 2017-08-22 00:08 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:06 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-02-07 01:40 - 2017-08-22 00:05 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2018-02-07 01:40 - 2017-08-22 00:04 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2018-02-07 01:40 - 2017-08-21 23:57 - 000711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-02-07 01:40 - 2017-08-21 23:47 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-02-07 01:40 - 2017-07-12 00:23 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2018-02-07 01:40 - 2017-07-12 00:12 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2018-02-07 01:40 - 2017-06-21 01:50 - 001054208 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2018-02-07 01:40 - 2017-03-04 01:36 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\DuCsps.dll
2018-02-07 01:40 - 2016-11-11 04:23 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\EAMProgressHandler.dll
2018-02-07 01:40 - 2016-08-05 23:16 - 000026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-02-07 01:40 - 2016-08-05 22:48 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-02-07 01:39 - 2016-12-21 02:08 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2018-02-07 01:39 - 2016-12-20 23:44 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2018-02-07 01:37 - 2018-02-07 01:38 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (2).msi
2018-02-07 01:34 - 2018-02-07 01:35 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent (1).msi
2018-02-07 01:33 - 2018-02-07 02:36 - 000000000 ____D C:\FRST
2018-02-07 01:32 - 2018-02-07 01:32 - 001159168 _____ C:\Users\Danny\Desktop\cShieldIpUpdaterAgent.msi
2018-02-07 01:32 - 2018-02-07 01:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2018-02-07 01:31 - 2018-02-07 01:33 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2018-02-07 01:31 - 2018-02-06 23:29 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2018-02-07 01:30 - 2018-02-07 01:30 - 001875480 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mbae-setup-1.10.1.41.exe
2018-02-07 01:27 - 2018-02-07 01:32 - 000000000 ____D C:\AdwCleaner
2018-02-07 01:26 - 2018-02-07 01:26 - 000000000 ____D C:\Windows\system32\appmgmt
2018-02-07 01:25 - 2018-02-07 01:50 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2018-02-07 01:25 - 2018-02-07 01:32 - 000000000 ____D C:\Program Files (x86)\COMODO
2018-02-07 01:24 - 2018-02-07 01:24 - 002793472 _____ C:\Users\Danny\Desktop\cShieldAgent.msi
2018-02-07 01:10 - 2018-02-07 02:27 - 000000000 ____D C:\ProgramData\Emsisoft
2018-02-07 01:07 - 2018-02-07 01:23 - 000000000 ____D C:\EEK
2018-02-07 01:06 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\Windows\system32\osrss.dll
2018-02-07 01:05 - 2018-02-07 01:53 - 1574456320 _____ C:\Users\Danny\Desktop\domefirewall.ova
2018-02-07 01:04 - 2018-02-07 01:51 - 1149382656 _____ C:\Users\Danny\Desktop\domefirewall.iso
2018-02-07 01:03 - 2018-02-07 02:07 - 000000000 ____D C:\Users\Danny\AppData\Local\NPE
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet
2018-02-07 01:02 - 2018-02-07 01:02 - 000000000 ____D C:\Program Files\SafeNet
2018-02-07 01:02 - 2017-03-29 12:52 - 000062632 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksifdh.sys
2018-02-07 01:02 - 2017-03-29 12:52 - 000044712 _____ (Aladdin Knowledge Systems, Ltd.) C:\Windows\system32\Drivers\aksup.sys
2018-02-07 00:59 - 2018-02-07 01:00 - 014661632 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x64-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 011384320 _____ C:\Users\Danny\Desktop\SafeNetAuthenticationClient-x32-10.3.msi
2018-02-07 00:59 - 2018-02-07 00:59 - 000717017 _____ C:\Users\Danny\Desktop\comodocertificateautoinstaller (1).pdf
2018-02-07 00:58 - 2018-02-07 00:58 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca (1).crt
2018-02-07 00:58 - 2018-02-07 00:58 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca (1).crt
2018-02-07 00:57 - 2018-02-07 00:57 - 000001911 _____ C:\Users\Danny\Desktop\comodosha256extendedvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca.crt
2018-02-07 00:56 - 2018-02-07 00:56 - 000001858 _____ C:\Users\Danny\Desktop\comodosha256domainvalidationsecureserverca (2).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001684 _____ C:\Users\Danny\Desktop\comodosha256clientauthenticationandsecureemailca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001635 _____ C:\Users\Danny\Desktop\comodosha256codesigningca.crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (4).crt
2018-02-07 00:55 - 2018-02-07 00:55 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (3).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000002114 _____ C:\Users\Danny\Desktop\incommonrsacodesigningca.crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca (1).crt
2018-02-07 00:54 - 2018-02-07 00:54 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (2).crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005608 _____ C:\Users\Danny\Desktop\incommonrsaserverca-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000005593 _____ C:\Users\Danny\Desktop\incommonrsacodesigning-bundle.crt
2018-02-07 00:53 - 2018-02-07 00:53 - 000001956 _____ C:\Users\Danny\Desktop\usertrustrsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002130 _____ C:\Users\Danny\Desktop\incommonrsaserverca_2.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca (1).crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001952 _____ C:\Users\Danny\Desktop\comodorsaaddtrustca.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot.crt
2018-02-07 00:52 - 2018-02-07 00:52 - 000001521 _____ C:\Users\Danny\Desktop\addtrustexternalcaroot (1).crt
2018-02-07 00:51 - 2018-02-07 00:51 - 000002098 _____ C:\Users\Danny\Desktop\comodorsacodesigningca.crt
2018-02-07 00:49 - 2018-02-07 00:49 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2018-02-07 00:49 - 2018-02-07 00:49 - 000000000 ____D C:\ProgramData\UCheck
2018-02-07 00:49 - 2018-02-07 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2018-02-07 00:49 - 2018-02-07 00:49 - 000000000 ____D C:\Program Files\UCheck
2018-02-07 00:48 - 2018-02-07 00:48 - 000000000 ____D C:\ProgramData\Sophos
2018-02-07 00:40 - 2018-02-07 00:40 - 000102608 _____ (Symantec Corporation) C:\Windows\SMSS-PFRO342f.tmp
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ____D C:\Program Files\Norton Security
2018-02-07 00:40 - 2018-02-07 00:40 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-02-07 00:40 - 2018-02-06 23:41 - 000002326 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-02-07 00:40 - 2018-02-06 23:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-02-07 00:40 - 2018-02-06 23:41 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2018-02-07 00:40 - 2018-02-06 23:06 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2018-02-07 00:40 - 2018-02-06 23:06 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2018-02-07 00:38 - 2018-02-07 01:44 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-02-07 00:37 - 2018-02-07 01:46 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-02-07 00:37 - 2018-02-07 00:37 - 000000000 ____D C:\Users\Danny\AppData\Local\CrashDumps
2018-02-07 00:37 - 2018-02-06 23:40 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-02-07 00:34 - 2018-02-07 00:34 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-02-07 00:33 - 2018-02-07 00:37 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-02-07 00:33 - 2018-02-07 00:33 - 000004344 _____ C:\Windows\System32\Tasks\Norton Security Scan for Danny
2018-02-07 00:33 - 2018-02-07 00:33 - 000001537 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-02-07 00:33 - 2018-02-07 00:33 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-02-07 00:32 - 2018-02-07 01:03 - 000000000 ____D C:\ProgramData\Norton
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\Program Files\Killer Networking
2018-02-07 00:32 - 2018-02-07 00:32 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2018-02-07 00:31 - 2018-02-07 00:31 - 000000000 ____D C:\ProgramData\Google
2018-02-07 00:31 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files\Google
2018-02-07 00:30 - 2018-02-07 00:30 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-02-07 00:30 - 2018-02-07 00:30 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-02-07 00:30 - 2018-02-06 23:49 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-07 00:26 - 2018-02-07 00:40 - 316743568 _____ C:\Users\Danny\Desktop\EmsisoftEmergencyKit.exe
2018-02-07 00:25 - 2018-02-07 00:34 - 190709032 _____ (Sophos Limited) C:\Users\Danny\Desktop\Sophos Virus Removal Tool.exe
2018-02-07 00:25 - 2018-02-07 00:25 - 021003576 _____ (Adlice Software ) C:\Users\Danny\Desktop\UCheck_setup.exe
2018-02-07 00:13 - 2018-02-07 00:24 - 253383016 _____ (Emsisoft Ltd. ) C:\Users\Danny\Desktop\EmsisoftAntiMalwareSetup_bc.exe
2018-02-07 00:13 - 2018-02-06 23:40 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-02-07 00:12 - 2018-02-07 00:19 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-02-07 00:12 - 2018-02-07 00:12 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-02-07 00:12 - 2018-02-07 00:12 - 000000000 ____D C:\Program Files\Common Files\AV
2018-02-07 00:12 - 2018-02-06 23:40 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-02-07 00:11 - 2018-02-07 00:11 - 000003340 _____ C:\Windows\System32\Tasks\MSI_Toast_Server
2018-02-07 00:11 - 2018-02-07 00:11 - 000002104 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\Program Files (x86)\MSI
2018-02-07 00:11 - 2018-02-07 00:11 - 000000000 ____D C:\MSI
2018-02-07 00:11 - 2014-04-30 16:23 - 000011248 _____ (Windows ® Win 7 DDK provider) C:\Windows\acpimof.dll
2018-02-07 00:10 - 2018-02-07 00:35 - 000003642 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-02-07 00:10 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\Desktop\LiveUpdate
2018-02-07 00:10 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\AppData\Roaming\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 002220872 _____ C:\Users\Danny\Desktop\winrar-x64-550.exe
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-02-07 00:09 - 2018-02-07 00:09 - 000000000 ____D C:\Program Files\WinRAR
2018-02-07 00:08 - 2018-02-07 00:30 - 000840384 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-02-07 00:08 - 2018-02-07 00:08 - 013317720 _____ C:\Users\Danny\Desktop\LiveUpdate.zip
2018-02-07 00:08 - 2018-02-07 00:08 - 002393088 _____ (Farbar) C:\Users\Danny\Desktop\FRST64.exe
2018-02-07 00:07 - 2018-02-07 02:12 - 000000000 ____D C:\Users\Danny\AppData\Local\Zemana
2018-02-07 00:07 - 2018-02-07 00:07 - 000001209 _____ C:\Users\Public\Desktop\AntiLogger Free.lnk
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Users\Danny\AppData\Local\AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2018-02-07 00:07 - 2018-02-07 00:07 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2018-02-07 00:07 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2018-02-07 00:06 - 2018-02-07 00:11 - 083316440 _____ (Malwarebytes ) C:\Users\Danny\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2018-02-07 00:06 - 2018-02-07 00:06 - 003719928 _____ (Zemana Ltd. ) C:\Users\Danny\Desktop\AntiLoggerFree_Setup.exe
2018-02-07 00:05 - 2018-02-07 00:05 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DANNY-PC-Windows-10-Pro-(64-bit).dat
2018-02-07 00:02 - 2018-02-07 00:02 - 000002232 _____ C:\Users\Danny\Desktop\Tweaking.com - Windows Repair.lnk
2018-02-07 00:00 - 2018-02-07 00:00 - 000003768 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-02-07 00:00 - 2018-02-07 00:00 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-02-06 23:59 - 2018-02-07 00:02 - 000194554 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-02-06 23:59 - 2018-02-06 23:59 - 038149352 _____ (Tweaking.com) C:\Users\Danny\Desktop\tweaking.com_windows_repair_aio_setup.exe
2018-02-06 23:59 - 2018-02-06 23:59 - 008206624 _____ (Malwarebytes) C:\Users\Danny\Desktop\AdwCleaner.exe
2018-02-06 23:59 - 2018-02-06 23:59 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-02-06 23:58 - 2018-02-07 00:10 - 000000000 ____D C:\Users\Danny\AppData\Local\DisconnectDesktop
2018-02-06 23:58 - 2018-02-06 23:58 - 038149352 _____ (Tweaking.com) C:\Users\Danny\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Disconnect
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Local\PeerDistRepub
2018-02-06 23:58 - 2018-02-06 23:58 - 000000000 ____D C:\Users\Danny\AppData\Local\Caphyon
2018-02-06 23:57 - 2018-02-06 23:58 - 070839856 _____ (Disconnect) C:\Users\Danny\Downloads\Disconnect+Desktop.exe
2018-02-06 23:53 - 2018-02-06 23:53 - 000000000 ____D C:\IndexDatta
2018-02-06 23:52 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-06 23:52 - 2018-02-06 23:52 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-06 23:52 - 2018-02-06 23:52 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-06 23:52 - 2018-02-06 23:52 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-06 23:52 - 2018-02-06 23:52 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-06 23:52 - 2018-02-06 23:14 - 000000000 ____D C:\Users\Danny\AppData\Local\Google
2018-02-06 23:51 - 2018-02-06 23:51 - 001129816 _____ (Google Inc.) C:\Users\Danny\Desktop\ChromeSetup.exe
2018-02-06 23:51 - 2018-02-06 23:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-06 23:51 - 2018-01-23 19:23 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-02-06 23:51 - 2017-11-02 15:15 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-02-06 23:51 - 2017-11-02 15:15 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-02-06 23:51 - 2017-11-02 15:15 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-02-06 23:51 - 2017-11-02 15:14 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-02-06 23:50 - 2018-02-06 23:50 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-02-06 23:49 - 2018-02-06 23:49 - 000000000 ____D C:\Users\Danny\AppData\Local\MicrosoftEdge
2018-02-06 23:49 - 2018-01-23 19:23 - 040269808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 035180016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 019796336 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 016449872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 013444552 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 012843496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 011026080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 010900248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 004308976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 003894304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 003709424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001976120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439077.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001673616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439077.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001325384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001134768 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001126888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001054704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001043128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000988464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000939832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000795928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000740336 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000635248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000599352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-02-06 23:46 - 2018-02-06 23:46 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2018-02-06 23:46 - 2018-02-06 23:46 - 000000000 ____D C:\NVIDIA
2018-02-06 23:43 - 2018-02-06 23:43 - 000000000 ____D C:\Users\Danny\AppData\Local\ElevatedDiagnostics
2018-02-06 23:41 - 2018-02-06 23:41 - 000003376 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-02-06 23:35 - 2018-02-06 23:44 - 000000799 _____ C:\Users\Danny\Desktop\Windows 10 Update Assistant.lnk
2018-02-06 23:35 - 2018-02-06 23:35 - 000000811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-02-06 23:34 - 2018-02-06 23:34 - 000000000 ____D C:\Users\Danny\AppData\Local\Comms
2018-02-06 23:27 - 2018-02-06 23:34 - 452923096 _____ (NVIDIA Corporation) C:\Users\Danny\Desktop\390.77-desktop-win10-64bit-international-whql.exe
2018-02-06 23:24 - 2018-02-06 23:25 - 000000000 ____D C:\Windows\system32\MRT
2018-02-06 23:23 - 2018-02-06 23:33 - 000000000 ____D C:\Program Files\rempl
2018-02-06 23:23 - 2018-02-06 23:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-06 23:23 - 2018-02-06 23:24 - 000000000 ____D C:\Program Files\UNP
2018-02-06 23:23 - 2018-02-06 23:23 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-06 23:23 - 2018-02-06 23:23 - 000119960 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR520.SYS.bak
2018-02-06 23:23 - 2018-02-06 23:23 - 000000000 ____D C:\Windows\UpdateAssistant
2018-02-06 23:23 - 2018-02-06 23:23 - 000000000 ____D C:\Windows\system32\UNP
2018-02-06 23:22 - 2017-10-12 01:31 - 002032480 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-06 23:22 - 2017-10-12 01:31 - 001578848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000678752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000613728 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000612192 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000484192 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000379232 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000259936 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000190304 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-06 23:22 - 2017-10-12 01:31 - 000067928 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2018-02-06 23:22 - 2017-10-12 01:21 - 000223584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-02-06 23:22 - 2017-10-12 01:20 - 000484192 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-02-06 23:21 - 2018-02-06 23:21 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282559497-451337721-2173362044-1001
2018-02-06 23:20 - 2018-02-07 02:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-06 23:20 - 2018-02-06 23:20 - 006242320 _____ (Microsoft Corporation) C:\Users\Danny\Desktop\Windows10Upgrade9252.exe
2018-02-06 23:19 - 2018-02-07 00:26 - 000000000 ____D C:\Windows10Upgrade
2018-02-06 23:19 - 2018-02-06 23:21 - 000002363 _____ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-06 23:19 - 2018-02-06 23:21 - 000000000 ___RD C:\Users\Danny\OneDrive
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ___HD C:\$GetCurrent
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-06 23:18 - 2018-02-06 23:51 - 000000000 ____D C:\Users\Danny\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:18 - 2018-02-06 23:40 - 000000000 __SHD C:\Users\Danny\IntelGraphicsProfiles
2018-02-06 23:18 - 2018-02-06 23:36 - 000000000 ____D C:\Users\Danny\AppData\Local\Packages
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Adobe
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\VirtualStore
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\TileDataLayer
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\Publishers
2018-02-06 23:17 - 2018-02-07 02:22 - 000000000 ____D C:\Users\Danny
2018-02-06 23:17 - 2018-02-06 23:17 - 000000020 ___SH C:\Users\Danny\ntuser.ini
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ___SD C:\Windows\UpdateAssistantV2
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:16 - 2018-02-06 23:44 - 000844208 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-06 23:16 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0
2018-02-06 23:16 - 2018-02-06 23:16 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2018-02-06 23:16 - 2017-11-17 23:23 - 000038744 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2018-02-06 23:14 - 2018-02-06 23:14 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Google
2018-02-06 23:14 - 2016-07-16 06:41 - 002716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\Default User
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\All Users
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Documents and Settings
2018-02-06 23:11 - 2018-02-07 00:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-06 23:11 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files\Intel
2018-02-06 23:11 - 2018-02-06 23:40 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-06 23:11 - 2018-02-06 23:17 - 000000000 ____D C:\Intel
2018-02-06 23:11 - 2018-02-06 23:11 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOShared
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-02-06 23:11 - 2018-01-23 19:23 - 000532040 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2018-02-06 23:11 - 2018-01-23 18:11 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-06 23:11 - 2018-01-23 17:57 - 005950024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000633328 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-06 23:11 - 2018-01-22 00:46 - 007947791 _____ C:\Windows\system32\nvcoproc.bin
2018-02-06 23:10 - 2018-02-07 01:32 - 000194192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-06 23:10 - 2018-02-07 00:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:40 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-06 23:10 - 2018-02-06 23:10 - 000012856 ____N C:\bootsqm.dat
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\ServiceProfiles
2018-02-06 22:18 - 2018-02-07 02:16 - 000000000 ___DC C:\Windows\Panther
2018-02-06 22:18 - 2018-02-06 22:41 - 000000000 ____D C:\Windows.old
2018-02-06 22:18 - 2018-02-06 22:18 - 000008192 _____ C:\Windows\system32\config\userdiff
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\sysprep
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\Setup
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\OCR
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\InfusedApps
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\DigitalLocker
2018-02-06 22:17 - 2018-02-02 15:18 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 22:17 - 2018-02-02 15:18 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 22:16 - 2018-02-07 02:21 - 000000000 ____D C:\Windows\system32\config\systemprofile
2018-02-06 22:16 - 2018-02-07 01:43 - 000000000 ____D C:\Windows\AppReadiness
2018-02-06 22:16 - 2018-02-07 01:24 - 000000000 ____D C:\Windows\system32\NDF
2018-02-06 22:16 - 2018-02-07 01:02 - 000000000 ____D C:\Windows\system32\setup
2018-02-06 22:16 - 2018-02-07 00:10 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_571
2018-02-06 22:16 - 2018-02-06 23:41 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-06 22:16 - 2018-02-06 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 22:16 - 2018-02-06 23:33 - 000000000 ____D C:\Windows\appcompat
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\oobe
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\spool
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-06 22:16 - 2018-02-06 23:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\PrintDialog
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\MiracastView
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\system32\Sysprep
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\Help
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\CSC
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOPrivate
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\TxR
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\RegBack
2018-02-06 22:16 - 2018-02-06 22:40 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\dsc
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\oobe
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SystemApps
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\migwiz
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\IME
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\System
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RSD C:\Windows\Media
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\Downloaded Program Files
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___RD C:\Windows\Offline Web Pages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Web
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Vss
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\tracing
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\TAPI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\SMI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\NDF
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\FxsTmp
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SystemResources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\winevt
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ProximityToast
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\PointOfService
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ias
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\DDFs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\config\Journal
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\System
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SKB
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ShellExperiences
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\security
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SchCache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Resources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\rescache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\RemotePackages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Registration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Provisioning
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\PLA
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Performance
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ModemLogs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\LiveKernelReports
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\L2Schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Globalization
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\GameBarPresenceWriter
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Cursors
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Branding
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\bcastdvr
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\addins
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\ProgramData\Comms
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Common Files\Services
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:15 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\SysWOW64\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\system32\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000017463 _____ C:\Windows\system32\Drivers\etc\services
2018-02-06 22:16 - 2018-02-06 22:15 - 000015462 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2018-02-06 22:16 - 2018-02-06 22:15 - 000004096 _____ C:\Windows\system32\config\VSMIDK
2018-02-06 22:16 - 2018-02-06 22:15 - 000003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2018-02-06 22:16 - 2018-02-06 22:15 - 000001358 _____ C:\Windows\system32\Drivers\etc\protocol
2018-02-06 22:16 - 2018-02-06 22:15 - 000000858 _____ C:\Windows\system32\DefaultQuestions.json
2018-02-06 22:16 - 2018-02-06 22:15 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts_bak_288
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\system32\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000407 _____ C:\Windows\system32\Drivers\etc\networks
2018-02-06 22:16 - 2018-02-06 22:15 - 000000219 _____ C:\Windows\system.ini
2018-02-06 22:16 - 2018-02-06 22:15 - 000000092 _____ C:\Windows\win.ini
2018-02-06 22:16 - 2018-01-23 19:23 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2018-02-06 22:15 - 2018-02-07 01:02 - 000000000 ____D C:\Windows\INF
2018-02-06 22:13 - 2018-02-07 02:20 - 000000000 ___RD C:\Program Files (x86)
2018-02-06 22:13 - 2018-02-07 01:06 - 000000000 ____D C:\Windows\CbsTemp
2018-02-06 22:13 - 2018-02-06 23:41 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-02-06 22:13 - 2018-02-06 23:40 - 071041024 _____ C:\Windows\system32\config\SOFTWARE
2018-02-06 22:13 - 2018-02-06 23:40 - 013107200 _____ C:\Windows\system32\config\SYSTEM
2018-02-06 22:13 - 2018-02-06 23:40 - 000524288 _____ C:\Windows\system32\config\DEFAULT
2018-02-06 22:13 - 2018-02-06 23:40 - 000262144 _____ C:\Windows\system32\config\BBI
2018-02-06 22:13 - 2018-02-06 23:40 - 000065536 _____ C:\Windows\system32\config\SECURITY
2018-02-06 22:13 - 2018-02-06 23:09 - 000000000 ___HD C:\$SysReset
2018-02-06 22:13 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\servicing
2018-02-06 22:13 - 2018-02-06 22:17 - 000065536 _____ C:\Windows\system32\config\SAM
2018-02-06 22:13 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SMI
2018-01-09 19:33 - 2016-09-28 20:15 - 000162120 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\e2xw10x64.sys
2017-12-14 01:05 - 2018-02-07 02:27 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-09 04:41 - 2017-11-09 04:41 - 000504360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2017-11-09 04:40 - 2017-11-09 04:40 - 001630248 _____ (NVIDIA Corporation) C:\Windows\system32\nvir3dgenco64.dll
2017-11-09 04:38 - 2018-01-23 19:23 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2018-01-23 19:23 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001624168 _____ (NVIDIA Corporation) C:\Windows\system32\SET293.tmp
2017-11-09 04:38 - 2017-11-09 04:38 - 000233904 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\SET1C5.tmp
2017-11-09 04:25 - 2018-01-23 19:23 - 004580832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 004533184 _____ (NVIDIA Corporation) C:\Windows\system32\SET65F8.tmp
2017-11-09 03:57 - 2018-01-23 19:23 - 000048407 _____ C:\Windows\system32\nvinfo.pb
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
Some files in TEMP:
====================
2018-02-07 02:12 - 2018-02-07 02:13 - 001069856 _____ () C:\Users\Danny\AppData\Local\Temp\rscp_setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {35969b89-0b6b-11e8-a194-abe35755e710}
                        {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
timeout                 1
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
displayorder            {current}
bootsequence            {35969b90-0b6b-11e8-a194-abe35755e710}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:CD/DVD Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Removable Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Network Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {35969b89-0b6b-11e8-a194-abe35755e710}
description             UEFI: Built-in EFI Shell 
 
Windows Boot Loader
-------------------
identifier              {35969b8d-0b6b-11e8-a194-abe35755e710}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
nx                      OptOut
bootmenupolicy          Standard
 
Resume from Hibernate
---------------------
identifier              {35969b91-0b6b-11e8-a194-abe35755e710}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {35969b8e-0b6b-11e8-a194-abe35755e710}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2018-02-06 23:10
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 02:36:52)
Running from C:\Users\Danny\Desktop
Windows 10 Pro Version 1607 (X64) (2018-02-07 04:17:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-282559497-451337721-2173362044-500 - Administrator - Disabled)
Danny (S-1-5-21-282559497-451337721-2173362044-1001 - Administrator - Enabled) => C:\Users\Danny
DefaultAccount (S-1-5-21-282559497-451337721-2173362044-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-282559497-451337721-2173362044-1000 - Limited - Disabled)
Guest (S-1-5-21-282559497-451337721-2173362044-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Comodo Dome Shield IP Updater Agent (HKLM-x32\...\{302BFEBD-A200-4588-A734-22D77AE90DD4}) (Version: 1.0.0.2 - COMODO)
Comodo Shield Agent (HKLM-x32\...\{89047C23-659B-4718-BD55-8950BC33353E}) (Version: 1.2.0.6 - COMODO)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks)
Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks)
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
Malwarebytes Anti-Exploit version 1.11.1.48 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.11.1.48 - Malwarebytes)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.27 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.10 - MSI)
NordVPN (HKLM-x32\...\{268B3D75-199F-4844-9AFF-36A629814C8B}) (Version: 6.11.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.11.11) (Version: 6.11.11 - NordVPN)
Norton Security (HKLM-x32\...\NS) (Version: 22.10.0.85 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.145 - Symantec Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
SafeNet Authentication Client 10.3 (HKLM\...\{2F50DC95-4FAE-4025-84F3-844C2100ABE5}) (Version: 10.3.25.0 - Gemalto)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
UCheck version 2.3.2.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.2.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-07] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-07] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {28C3C354-96C8-4844-ADE9-1DEAF435B8B8} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation)
Task: {35A760EC-288D-4081-8CA2-32571CDFE70C} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {768EBD4A-2761-462A-B08D-591C319E75AC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {9599B2F8-3435-400F-8357-B7213FBAB6F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.)
Task: {C78FC94F-304B-4EFE-A806-99422B7786D6} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {C7D003D8-1C1B-48A4-90DC-DCABFB782CA2} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {F63FC785-BFFA-4118-B902-F03525F9EAFD} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 ____N () C:\Windows\SYSTEM32\ism32k.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-05 07:29 - 2018-02-05 07:29 - 000420640 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\Windows\system32\igfxTray.exe
2018-01-22 05:26 - 2018-01-22 05:26 - 000217375 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
2018-01-22 05:26 - 2018-01-22 05:26 - 000118668 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000158720 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.OpenvpnFwHelperPlugin.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000305152 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.Firewall.dll
2018-02-06 23:51 - 2018-01-23 19:23 - 000544240 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000133704 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000235520 _____ () C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
2018-02-06 23:52 - 2018-02-01 01:13 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libglesv2.dll
2018-02-06 23:52 - 2018-02-01 01:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libegl.dll
2018-02-07 02:20 - 2018-02-07 02:20 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 06:43 - 2016-07-16 06:43 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-02-07 00:11 - 2005-07-18 13:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000233472 _____ () C:\Program Files (x86)\NordVPN\Liberation.Native.Firewall.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000831511 _____ () C:\Program Files (x86)\COMODO\Shield Agent\libsodium-18.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000095232 _____ () C:\Program Files (x86)\COMODO\Shield Agent\libgcc_s_sjlj-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-02-06 22:16 - 2018-02-07 02:24 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 103.86.99.99 - 103.86.96.96
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5C49212B-057E-4510-8D1B-76E2A28EB1F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62BE74E1-827D-4267-A0D6-249F15611F6A}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{4573D824-F365-4633-9F88-ABCE778E3671}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2018 02:20:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: a2service.exe, version: 2018.1.0.8407, time stamp: 0x58fe0540
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000374
Fault offset: 0x00000000000f73e3
Faulting process id: 0x2e60
Faulting application start time: 0x01d39fe24502ae7f
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3afeed84-ed2a-4374-b079-c3f5a5cb6949
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/06/2018 11:25:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/07/2018 01:23:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANNY-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2018 12:48:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:48:21 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x27f4
Faulting application start time: 0x01d39fd5bc8f3990
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 849c3fc3-e05e-43c7-ac88-0997205390f5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x2718
Faulting application start time: 0x01d39fd5bdd68853
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 770e9e3b-bb66-4748-8f56-6439b0a135eb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1308) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
 
System errors:
=============
Error: (02/07/2018 02:20:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Emsisoft Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/07/2018 01:06:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1709.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/06/2018 11:45:42 PM) (Source: DCOM) (EventID: 10010) (User: DANNY-PC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (02/06/2018 11:44:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/06/2018 11:40:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/06/2018 11:40:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
 
CodeIntegrity:
===================================
  Date: 2018-02-07 02:20:36.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:18:04.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-02-07 02:16:54.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-02-07 02:13:11.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:07:45.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:07:30.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-06 23:44:14.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 01:34:54.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 01:33:02.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-02-07 01:08:08.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 15818.61 MB
Available physical RAM: 10090.99 MB
Total Virtual: 18762.61 MB
Available Virtual: 11920.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:179.35 GB) NTFS
Drive d: () (Fixed) (Total:223.55 GB) (Free:223.38 GB) NTFS
Drive e: (RT-AC3100) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 843B38AA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: D067D13D)
 
Partition: GPT.

==================== End of Addition.txt ============================

Users shortcut scan result (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 02:37:05)
Running from C:\Users\Danny\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Danny\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Danny\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Danny\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Danny\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Danny ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk -> C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Uninstall AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck\UCheck.lnk -> C:\Program Files\UCheck\UCheck64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet\SafeNet Authentication Client\SafeNet Authentication Client Tools.lnk -> C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe (Gemalto)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet\SafeNet Authentication Client\SafeNet Authentication Client.lnk -> C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe (Gemalto)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security\Reason Core Security.lnk -> C:\Program Files\Reason\Security\rsUI.exe (Reason Software Company Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\MSIRegister.lnk -> C:\MSI\MSIRegister\MSIRegister.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\Uninstall MSIRegister.lnk -> C:\MSI\MSIRegister\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Uninstall Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk -> C:\Program Files\Emsisoft Anti-Malware\Emsisoft.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Help.lnk -> C:\Program Files\Emsisoft Anti-Malware\en-us.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Uninstall.lnk -> C:\Program Files\Emsisoft Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dome Shield Dynamic IP Updater\Shield IP Updater.lnk -> C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe (COMODO Security Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Links\Desktop.lnk -> C:\Users\Danny\Desktop ()
Shortcut: C:\Users\Danny\Links\Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\Users\Danny\Links\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Windows Repair Help.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\help\windows_repair.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft Ltd)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\MSI Live Update 6.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\Users\Public\Desktop\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)
Shortcut: C:\Users\Public\Desktop\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
Shortcut: C:\Users\Public\Desktop\Reason Core Security.lnk -> C:\Program Files\Reason\Security\rsUI.exe (Reason Software Company Inc.)
Shortcut: C:\Users\Public\Desktop\UCheck.lnk -> C:\Program Files\UCheck\UCheck64.exe (Adlice Software)
Shortcut: C:\Users\Public\Desktop\Zemana AntiMalware.lnk -> C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10Upgrade:VNL:EosWuV2:{}"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Generate Log File\Generate Log File.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.) -> /CRASH
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security\Norton Security.lnk -> C:\Program Files\Norton Security\Engine\22.10.0.85\uistub.exe (Symantec Corporation) -> /win8
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Danny\Desktop\Windows 10 Update Assistant.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10Upgrade:VNL:EosWuV2:{}"
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Norton Security.lnk -> C:\Program Files\Norton Security\Engine\22.10.0.85\uistub.exe (Symantec Corporation) -> /win8
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free on the Web.url -> URL: hxxp://www.zemana.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security\Reason Core Security on the Web.url -> URL: hxxp://www.reasoncoresecurity.com
InternetURL: C:\Users\Danny\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Danny\Favorites\Links\Microsoft.com site search results (2).url -> BASEURL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10 URL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10#nav-downloads
InternetURL: C:\Users\Danny\Favorites\Links\Microsoft.com site search results.url -> BASEURL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10 URL: hxxps://www.microsoft.com/en-us/search/result.aspx?q=chrome download windows 10#nav-downloads
 
==================== End of Shortcut.txt =============================


#10 frazz

Posted 07 February 2018 - 02:56 AM

Here is an FRST log from just now

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Danny (administrator) on DANNY-PC (07-02-2018 02:36:22)
Running from C:\Users\Danny\Desktop
Loaded Profiles: Danny (Available Profiles: Danny)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSIRegister\MSIRegisterService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\ns.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adlice Software) C:\Program Files\UCheck\UCheck64.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe
(COMODO Security Solutions) C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe
() C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
(Gemalto) C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\397cffd104f9525702c352b7f8a90682\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.10.0.85\conathst.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [636984 2017-03-29] (Gemalto)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26119352 2018-01-30] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [MSIRegister] => C:\MSI\MSIRegister\MSIRegister.exe [1262544 2017-07-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2479392 2017-12-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Comodo Dome Shield Tray Helper] => C:\Program Files (x86)\COMODO\Shield Agent\cshield_tray_helper.exe [1765176 2018-01-05] (COMODO Security Solutions)
HKLM-x32\...\Run: [Comodo Dome Shield IP Updater] => C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe [2117432 2017-12-15] (COMODO Security Solutions)
Winlogon\Notify\ScCertProp: 
Winlogon\Notify\ScCertProp: 
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5851936 2018-02-05] (NordVPN)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-282559497-451337721-2173362044-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [NameServer] 8.26.56.10,8.20.247.10
Tcpip\..\Interfaces\{47fc06bb-498b-40fa-aae7-c55c5a19934f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9b024e62-78d7-459f-bd93-21f3c937c18a}: [DhcpNameServer] 103.86.99.99 103.86.96.96 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=oem&geo=US&ver=22.10.0.85&locale=en_US&guid=CD2A8243-B5BE-4488-8524-EA0BB83A9DE0&doi=2018-02-06&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.10.0.85\coIEPlg.dll [2017-07-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-282559497-451337721-2173362044-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon [2018-02-06] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.0.71\coFFAddon
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-06] (Google Inc.)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default [2018-02-07]
CHR Extension: (Slides) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-06]
CHR Extension: (Docs) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-06]
CHR Extension: (Google Drive) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-06]
CHR Extension: (TunnelBear Blocker) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdhgdigjiiamnkcenegafmfjoghafk [2018-02-07]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2018-02-06]
CHR Extension: (YouTube) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-02-07]
CHR Extension: (uBlock Origin) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-02-06]
CHR Extension: (Sheets) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-06]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2018-02-06]
CHR Extension: (Norton Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmobhkkblcgdifigjglcjneplefbkmh [2018-02-06]
CHR Extension: (Norton Identity Safe) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-06]
CHR Extension: (TunnelBear Inc.) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2018-02-07]
CHR Extension: (Gmail) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.10.0.85\Exts\Chrome.crx [2018-02-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9303352 2018-01-31] (Emsisoft Ltd)
R2 cShield; C:\Program Files (x86)\COMODO\Shield Agent\cShield.exe [2019648 2018-01-05] (COMODO Security Solutions)
R2 dnscrypt-proxy; C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe [235520 2017-12-26] () [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSIREGISTER_MR; C:\MSI\MSIRegister\MSIRegisterService.exe [128976 2017-07-11] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2306232 2018-01-25] (Micro-Star INT'L CO., LTD.)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [420640 2018-02-05] ()
R2 NS; C:\Program Files\Norton Security\Engine\22.10.0.85\NS.exe [326144 2017-07-14] (Symantec Corporation)
R2 osrss; C:\Windows\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [293656 2018-02-07] (Reason Software Company Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe [48696 2017-03-29] (Gemalto)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 disconnect-openvpn; C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2017-03-29] (Aladdin Knowledge Systems, Ltd.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1872024 2018-02-01] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\160A000.055\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-02-06] (Symantec Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-02-06] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2018-02-07] ()
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\IPSDefs\20180206.001\IDSvia64.sys [1056920 2018-02-06] (Symantec Corporation)
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2017-03-29] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2017-03-29] (SafeNet, Inc.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-28] (Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2018-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-02-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-02-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-02-07] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7a39871618b19f06\nvlddmkm.sys [17493824 2018-01-24] (NVIDIA Corporation)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2017-03-29] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys [24608 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2018-02-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-02-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-02-07] (Zemana Ltd.)
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.0.71\Definitions\SDSDefs\20180206.006\NAVEX15.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\SiSRaid2.sys A34CE1830E45DA98932295FDE4B7908A
C:\Windows\System32\drivers\sisraid4.sys A7B5C670770E908DA5FEF5BF1136E933
C:\Windows\System32\drivers\spaceport.sys 3DB9C2950439B61A038BF83E697C7A14
C:\Windows\System32\drivers\SpbCx.sys E03264C4C25B568F92ED1656AD541E64
C:\Windows\System32\Drivers\NSx64\160A000.055\SRTSP64.SYS 9225E5323704993E6C557F8ABCEF2A66
C:\Windows\system32\drivers\NSx64\160A000.055\SRTSPX64.SYS 96E5695385228F99509DD505EA4F1F37
C:\Windows\System32\DRIVERS\srv.sys EDCDCD95B916DB156A903AC6256F0CCF
C:\Windows\System32\DRIVERS\srv2.sys DF7147DE10921DBAAE9F9EEF94590E10
C:\Windows\System32\DRIVERS\srvnet.sys 416D224AF7481A4179F018FB1F9A5B6B
C:\Windows\System32\drivers\stexstor.sys 29D26E1347AE1BBD4201014E19880B2C
C:\Windows\System32\drivers\storahci.sys 0FE3B9A9E40DE1029B0AC2368A3F765D
C:\Windows\System32\drivers\vmstorfl.sys C5E0ACE4771F5575D9D5B457ABF3AD03
C:\Windows\System32\drivers\stornvme.sys C1CFB9C19BF1134D8B9A7CF89BEC0AD1
C:\Windows\System32\drivers\storqosflt.sys BEBF85EB4D90E6996047DA027D0ED26E
C:\Windows\System32\drivers\storufs.sys 8E73037A6F8938475692FFCC26EBF385
C:\Windows\System32\drivers\storvsc.sys 9D9DED47DA10E845EFF2DD57C94C809B
C:\Windows\System32\drivers\swenum.sys 505E0C40B5D0ADDCBB414640F59BD2E0
C:\Windows\System32\drivers\NSx64\160A000.055\SYMEFASI64.SYS 204B80C2C5B2E87E9558CC2D1C2D8BB5
C:\Windows\System32\drivers\NSx64\160A000.055\SymELAM.sys 3123BDBFE5CF061035D79CB3F3075F82
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 674908D3CE54EE5336DC545CB2A39702
C:\Windows\system32\drivers\NSx64\160A000.055\Ironx64.SYS EF84A42B86BCBDCB88F3C8849170492D
C:\Windows\System32\Drivers\NSx64\160A000.055\SYMNETS.SYS 8CF934DF2A8C1BDFA766D3E137A11986
C:\Windows\System32\drivers\Synth3dVsc.sys 32F46FB0F290D16DAA452B289C985795
C:\Windows\System32\drivers\tapnordvpn.sys 33956C0B1B809C416619E0526EA219F3
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpip.sys 172B5A199F917B4BACB38F13BCAA11CB
C:\Windows\System32\drivers\tcpipreg.sys 8DBB1BE20C36E6D19BCC89EEA00B953C
C:\Windows\system32\DRIVERS\tdx.sys 9D2DD64A0B51C56285512DC9454340F6
C:\Windows\System32\drivers\terminpt.sys 06130AFFECEB94525FC2352936576B70
C:\Windows\System32\drivers\tpm.sys 798C8CB861EB09C5AFB77468E5449BBB
C:\Windows\System32\drivers\TsUsbFlt.sys A6F4025664C9D4BC2A9EDAB4092706D7
C:\Windows\System32\drivers\TsUsbGD.sys 37A96AD493E110C0BF1EE0AC0F9E7DBD
C:\Windows\System32\drivers\tsusbhub.sys 5A91FDBA4D3FCB56DAEB8C091B3EB8E1
C:\Windows\System32\drivers\tunnel.sys 79E264287F17D56D768440B0270466DE
C:\Windows\System32\drivers\uaspstor.sys AA65954F512BA097DD190790876DD991
C:\Windows\System32\Drivers\UcmCx.sys AB6268022C3A5B529075A39C33904DA6
C:\Windows\System32\Drivers\UcmTcpciCx.sys 7ED2EDA43D21C7A5F589A7960E265C52
C:\Windows\System32\drivers\UcmUcsi.sys 169351463039B45F5CDED9768879F712
C:\Windows\System32\drivers\ucx01000.sys 08A9E3AD29B215484FBB68CDC175DF3A
C:\Windows\System32\drivers\udecx.sys DA70AEE267491AA56BC63AA0C0C96CA2
C:\Windows\System32\DRIVERS\udfs.sys FBC5ECF6D5A868D0B116C2DBB02B8168
C:\Windows\System32\drivers\UEFI.sys B918E40FAA9CD118CCA4AD388B748C98
C:\Windows\system32\drivers\UevAgentDriver.sys 166B17AE1DD24D8BA8CA474C7C31148F
C:\Windows\System32\drivers\ufx01000.sys 0FD75222C1AD2687AB365BEBEA400DD4
C:\Windows\System32\drivers\UfxChipidea.sys C1A78C53E01C641AE41BFA65797819F5
C:\Windows\System32\drivers\ufxsynopsys.sys 767307212110EBEFB93EC9A5BE9E85B9
C:\Windows\System32\drivers\umbus.sys DC460AAA18CA2342FBBFB2DF9B044472
C:\Windows\System32\drivers\umpass.sys C3CF0377917ECE6D65D7623E1E61568F
C:\Windows\System32\drivers\urschipidea.sys 6B46FC140C9AF68E6E7697D66D59CB4D
C:\Windows\System32\drivers\urscx01000.sys B4402E7F0923F660270442CE76877ABE
C:\Windows\System32\drivers\urssynopsys.sys 9DD431F1B94789CFB527E5D19261F124
C:\Windows\System32\drivers\usbccgp.sys C87E32B90F085970D9637FBAD45EF6FE
C:\Windows\System32\drivers\usbcir.sys 0B663856474AC41924D9E9112203858F
C:\Windows\System32\drivers\usbehci.sys F83D2250256203AC5DA5E8601C1AFDD7
C:\Windows\System32\drivers\usbhub.sys 7FFD26742321919590ED77FCA556D65F
C:\Windows\System32\drivers\UsbHub3.sys 7A749B2863B5561BE34B39E8E249AD8F
C:\Windows\System32\drivers\usbohci.sys D2109F1F4FEBF1DAC415CDC5DE876479
C:\Windows\System32\drivers\usbprint.sys 29C9572F2D061CFC3C0BD48A3163E343
C:\Windows\System32\drivers\usbser.sys 429477D6DEF3321FF7D3EF23CAAADA00
C:\Windows\System32\drivers\USBSTOR.SYS 0CC16F7B91C57AE9A4E44425A295FDAA
C:\Windows\System32\drivers\usbuhci.sys C917D09064CDBD18F75ADC9B2C48F847
C:\Windows\System32\drivers\USBXHCI.SYS 95BCCEFBC40D06484CF16144FE79B8A5
C:\Windows\System32\drivers\vdrvroot.sys 0CBDE344FB48E42D78E29469F202ADBC
C:\Windows\System32\drivers\VerifierExt.sys 723195568C8755CAD57F7933C5F2C5C2
C:\Windows\System32\drivers\vhdmp.sys C12B4859FC255AA6B3021CF8BB14A11F
C:\Windows\System32\drivers\vhf.sys 7929228F0E8B0C2FA0495A17A4FC27F6
C:\Windows\System32\drivers\vmbus.sys AEE432ED868831B1F068E373598F6D93
C:\Windows\System32\drivers\VMBusHID.sys 9444B23FC694B5F90F21B0FC7F10D8DD
C:\Windows\System32\drivers\vmgid.sys 4D0287F566B36536DD812A54C015FC4A
C:\Windows\System32\drivers\volmgr.sys 29075915F9BDC3437F8BED71C067D399
C:\Windows\System32\drivers\volmgrx.sys 6BDB6CE6D2D9E3D3F28F1C97E12B62E2
C:\Windows\System32\drivers\volsnap.sys BF2546583BB75F01DDA60A7921DFB230
C:\Windows\System32\drivers\volume.sys AC2E20A74D09D24485BE8396CE04F07B
C:\Windows\System32\drivers\vpci.sys 04BEC879AD7B3FDDD0339B19FECB0160
C:\Windows\System32\drivers\vsmraid.sys FD9BCB8920973CEAD4D49DC7A6D8A618
C:\Windows\System32\drivers\vstxraid.sys 0C111F220798CCE80484026E06822379
C:\Windows\System32\drivers\vwifibus.sys 607639716E9DB1CEF4E18B5B229293B4
C:\Windows\System32\drivers\vwififlt.sys B1ED64E628763148BF84FBE23F2AD711
C:\Windows\System32\drivers\wacompen.sys 55D00B785A7587F4263D125817871283
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\System32\DRIVERS\wanarp.sys CEF3D306C09BEC1A800E9B4A06F859F6
C:\Windows\system32\drivers\wcifs.sys CD24DEEA22152524CCFE859591D12A57
C:\Windows\system32\drivers\wcnfs.sys AEA1093B751339267D8C8C1EF3D669CF
C:\Windows\system32\drivers\WdBoot.sys D520B1B849B6D4D707AB31722B952C2D
C:\Windows\System32\drivers\Wdf01000.sys 5030C76047D756263093A47B82970868
C:\Windows\system32\drivers\WdFilter.sys 29FF9199EDEB4F5470BB134D1A2563D2
C:\Windows\System32\DRIVERS\wdiwifi.sys 373DF27CD5D5E50FFA2A90FEE0C0D994
C:\Windows\System32\Drivers\WdNisDrv.sys 17CF416CFF408190F5A4CBD79AB12E55
C:\Windows\System32\drivers\wfplwfs.sys E1785942AC51FEE6826CDF02075C5AA9
C:\Windows\System32\drivers\wimmount.sys 0CF79A0EACFFBB75A50A469A27696D02
C:\Windows\System32\drivers\WindowsTrustedRT.sys 0DE131733317EB4BE67028366B0CAAC6
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 92EB5D38BDF10C790450F3E46BF93A0E
C:\Windows\System32\drivers\winmad.sys F95DE20312ACCA7761446DE152BD1F7C
C:\Windows\System32\drivers\WinUSB.SYS 4EFB346BFDAEEB29316AA52BBB9852B1
C:\Windows\System32\drivers\winverbs.sys 8B9AFF5F08E66A6F1F1063DEC9457FB6
C:\Windows\System32\drivers\wmiacpi.sys 6F4F4F5A007D1710BD76FB311DA97C07
C:\Windows\System32\Drivers\Wof.sys EDADABA8665AB5C51BF59C4E2566BA7E
C:\Windows\System32\drivers\WpdUpFltr.sys 75A9284F01FE7CB1A7D5EAE5C1EB4F33
C:\Windows\system32\drivers\ws2ifsl.sys 36D7B73ADC3E10607ED6EC874AFB5D1E
C:\Windows\System32\drivers\WudfPf.sys AED7FE551E8672B824A56324076183EB
C:\Windows\System32\drivers\WudfRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\system32\DRIVERS\WUDFRd.sys CEFAB17FD7DFCFA515626C306262E89D
C:\Windows\System32\drivers\xboxgip.sys 59335CEA021FB89E07AD5DB5D17F09D0
C:\Windows\System32\drivers\xinputhid.sys 864F4209B03BE4267DDE09B067A165CA
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
 
 

==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-02-06 23:49 - 2018-01-23 19:23 - 003709424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001976120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439077.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001673616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439077.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001325384 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001134768 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001126888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001054704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 001043128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000988464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000939832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000795928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000740336 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000635248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000599352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-02-06 23:49 - 2018-01-23 19:23 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-02-06 23:46 - 2018-02-06 23:46 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security
2018-02-06 23:46 - 2018-02-06 23:46 - 000000000 ____D C:\NVIDIA
2018-02-06 23:43 - 2018-02-06 23:43 - 000000000 ____D C:\Users\Danny\AppData\Local\ElevatedDiagnostics
2018-02-06 23:41 - 2018-02-06 23:41 - 000003376 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-02-06 23:35 - 2018-02-06 23:44 - 000000799 _____ C:\Users\Danny\Desktop\Windows 10 Update Assistant.lnk
2018-02-06 23:35 - 2018-02-06 23:35 - 000000811 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-02-06 23:34 - 2018-02-06 23:34 - 000000000 ____D C:\Users\Danny\AppData\Local\Comms
2018-02-06 23:27 - 2018-02-06 23:34 - 452923096 _____ (NVIDIA Corporation) C:\Users\Danny\Desktop\390.77-desktop-win10-64bit-international-whql.exe
2018-02-06 23:24 - 2018-02-06 23:25 - 000000000 ____D C:\Windows\system32\MRT
2018-02-06 23:23 - 2018-02-06 23:33 - 000000000 ____D C:\Program Files\rempl
2018-02-06 23:23 - 2018-02-06 23:24 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-06 23:23 - 2018-02-06 23:24 - 000000000 ____D C:\Program Files\UNP
2018-02-06 23:23 - 2018-02-06 23:23 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-06 23:23 - 2018-02-06 23:23 - 000119960 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR520.SYS.bak
2018-02-06 23:23 - 2018-02-06 23:23 - 000000000 ____D C:\Windows\UpdateAssistant
2018-02-06 23:23 - 2018-02-06 23:23 - 000000000 ____D C:\Windows\system32\UNP
2018-02-06 23:22 - 2017-10-12 01:31 - 002032480 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-06 23:22 - 2017-10-12 01:31 - 001578848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000678752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000613728 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000612192 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000484192 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000379232 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000259936 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000190304 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000136032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-06 23:22 - 2017-10-12 01:31 - 000067928 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2018-02-06 23:22 - 2017-10-12 01:31 - 000034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2018-02-06 23:22 - 2017-10-12 01:21 - 000223584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-02-06 23:22 - 2017-10-12 01:20 - 000484192 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-02-06 23:21 - 2018-02-06 23:21 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-282559497-451337721-2173362044-1001
2018-02-06 23:20 - 2018-02-07 02:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-02-06 23:20 - 2018-02-06 23:20 - 006242320 _____ (Microsoft Corporation) C:\Users\Danny\Desktop\Windows10Upgrade9252.exe
2018-02-06 23:19 - 2018-02-07 00:26 - 000000000 ____D C:\Windows10Upgrade
2018-02-06 23:19 - 2018-02-06 23:21 - 000002363 _____ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-06 23:19 - 2018-02-06 23:21 - 000000000 ___RD C:\Users\Danny\OneDrive
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ___HD C:\$GetCurrent
2018-02-06 23:19 - 2018-02-06 23:19 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-06 23:18 - 2018-02-06 23:51 - 000000000 ____D C:\Users\Danny\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:18 - 2018-02-06 23:40 - 000000000 __SHD C:\Users\Danny\IntelGraphicsProfiles
2018-02-06 23:18 - 2018-02-06 23:36 - 000000000 ____D C:\Users\Danny\AppData\Local\Packages
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Adobe
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\VirtualStore
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\TileDataLayer
2018-02-06 23:18 - 2018-02-06 23:18 - 000000000 ____D C:\Users\Danny\AppData\Local\Publishers
2018-02-06 23:17 - 2018-02-07 02:22 - 000000000 ____D C:\Users\Danny
2018-02-06 23:17 - 2018-02-06 23:17 - 000000020 ___SH C:\Users\Danny\ntuser.ini
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ___SD C:\Windows\UpdateAssistantV2
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-02-06 23:17 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2018-02-06 23:16 - 2018-02-06 23:44 - 000844208 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-06 23:16 - 2018-02-06 23:17 - 000000000 ____D C:\Users\defaultuser0
2018-02-06 23:16 - 2018-02-06 23:16 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2018-02-06 23:16 - 2017-11-17 23:23 - 000038744 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2018-02-06 23:14 - 2018-02-06 23:14 - 000000000 ____D C:\Users\Danny\AppData\Roaming\Google
2018-02-06 23:14 - 2016-07-16 06:41 - 002716672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\Default User
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Users\All Users
2018-02-06 23:12 - 2018-02-06 23:12 - 000000000 _SHDL C:\Documents and Settings
2018-02-06 23:11 - 2018-02-07 00:39 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-06 23:11 - 2018-02-07 00:31 - 000000000 ____D C:\Program Files\Intel
2018-02-06 23:11 - 2018-02-06 23:40 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-06 23:11 - 2018-02-06 23:17 - 000000000 ____D C:\Intel
2018-02-06 23:11 - 2018-02-06 23:11 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOShared
2018-02-06 23:11 - 2018-02-06 23:11 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-02-06 23:11 - 2018-01-23 19:23 - 000532040 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2018-02-06 23:11 - 2018-01-23 18:11 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-02-06 23:11 - 2018-01-23 17:57 - 005950024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000633328 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000450352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000082744 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-02-06 23:11 - 2018-01-22 00:46 - 007947791 _____ C:\Windows\system32\nvcoproc.bin
2018-02-06 23:10 - 2018-02-07 01:32 - 000194192 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-06 23:10 - 2018-02-07 00:39 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-02-06 23:10 - 2018-02-06 23:40 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-06 23:10 - 2018-02-06 23:10 - 000012856 ____N C:\bootsqm.dat
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-02-06 23:10 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\ServiceProfiles
2018-02-06 22:18 - 2018-02-07 02:16 - 000000000 ___DC C:\Windows\Panther
2018-02-06 22:18 - 2018-02-06 22:41 - 000000000 ____D C:\Windows.old
2018-02-06 22:18 - 2018-02-06 22:18 - 000008192 _____ C:\Windows\system32\config\userdiff
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\sysprep
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\winrm
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WCN
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\slmgr
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\0409
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\Setup
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\OCR
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\InfusedApps
2018-02-06 22:18 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\DigitalLocker
2018-02-06 22:17 - 2018-02-02 15:18 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-06 22:17 - 2018-02-02 15:18 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-06 22:16 - 2018-02-07 02:21 - 000000000 ____D C:\Windows\system32\config\systemprofile
2018-02-06 22:16 - 2018-02-07 01:43 - 000000000 ____D C:\Windows\AppReadiness
2018-02-06 22:16 - 2018-02-07 01:24 - 000000000 ____D C:\Windows\system32\NDF
2018-02-06 22:16 - 2018-02-07 01:02 - 000000000 ____D C:\Windows\system32\setup
2018-02-06 22:16 - 2018-02-07 00:10 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_571
2018-02-06 22:16 - 2018-02-06 23:41 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-06 22:16 - 2018-02-06 23:40 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-06 22:16 - 2018-02-06 23:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 22:16 - 2018-02-06 23:33 - 000000000 ____D C:\Windows\appcompat
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-02-06 22:16 - 2018-02-06 23:17 - 000000000 ____D C:\Windows\system32\oobe
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\spool
2018-02-06 22:16 - 2018-02-06 23:14 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-06 22:16 - 2018-02-06 23:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\PrintDialog
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ___RD C:\Windows\MiracastView
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\system32\Sysprep
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\Help
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\Windows\CSC
2018-02-06 22:16 - 2018-02-06 23:11 - 000000000 ____D C:\ProgramData\USOPrivate
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\TxR
2018-02-06 22:16 - 2018-02-06 23:10 - 000000000 ____D C:\Windows\system32\config\RegBack
2018-02-06 22:16 - 2018-02-06 22:40 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\F12
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\dsc
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\oobe
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SysWOW64\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\SystemApps
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\MUI
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\migwiz
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Dism
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\system32\Com
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\IME
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\System
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-02-06 22:16 - 2018-02-06 22:18 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RSD C:\Windows\Media
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\SysWOW64\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Nui
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\system32\Configuration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___SD C:\Windows\Downloaded Program Files
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ___RD C:\Windows\Offline Web Pages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Web
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Vss
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\tracing
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\TAPI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\SMI
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\NDF
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\FxsTmp
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SystemResources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\WinMetadata
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\winevt
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ras
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ProximityToast
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\PointOfService
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MsDtc
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\MailContactsCalendarSync
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Ipmi
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\inetsrv
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\IME
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\icsxml
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\ias
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\downlevel
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\DDFs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\config\Journal
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\Bthprops
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AppLocker
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\System
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SKB
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ShellExperiences
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\security
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\SchCache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Resources
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\rescache
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\RemotePackages
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Registration
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Provisioning
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\PLA
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Performance
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\ModemLogs
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\LiveKernelReports
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\L2Schemas
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\InputMethod
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Globalization
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\GameBarPresenceWriter
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Cursors
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\Branding
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\bcastdvr
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\addins
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\ProgramData\Comms
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files\Common Files\Services
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-02-06 22:16 - 2018-02-06 22:16 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-02-06 22:16 - 2018-02-06 22:15 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\SysWOW64\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000215943 _____ C:\Windows\system32\dssec.dat
2018-02-06 22:16 - 2018-02-06 22:15 - 000209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2018-02-06 22:16 - 2018-02-06 22:15 - 000017463 _____ C:\Windows\system32\Drivers\etc\services
2018-02-06 22:16 - 2018-02-06 22:15 - 000015462 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2018-02-06 22:16 - 2018-02-06 22:15 - 000004096 _____ C:\Windows\system32\config\VSMIDK
2018-02-06 22:16 - 2018-02-06 22:15 - 000003683 _____ C:\Windows\system32\Drivers\etc\lmhosts.sam
2018-02-06 22:16 - 2018-02-06 22:15 - 000001358 _____ C:\Windows\system32\Drivers\etc\protocol
2018-02-06 22:16 - 2018-02-06 22:15 - 000000858 _____ C:\Windows\system32\DefaultQuestions.json
2018-02-06 22:16 - 2018-02-06 22:15 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts_bak_288
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000741 _____ C:\Windows\system32\NOISE.DAT
2018-02-06 22:16 - 2018-02-06 22:15 - 000000407 _____ C:\Windows\system32\Drivers\etc\networks
2018-02-06 22:16 - 2018-02-06 22:15 - 000000219 _____ C:\Windows\system.ini
2018-02-06 22:16 - 2018-02-06 22:15 - 000000092 _____ C:\Windows\win.ini
2018-02-06 22:16 - 2018-01-23 19:23 - 000438768 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2018-02-06 22:15 - 2018-02-07 01:02 - 000000000 ____D C:\Windows\INF
2018-02-06 22:13 - 2018-02-07 02:20 - 000000000 ___RD C:\Program Files (x86)
2018-02-06 22:13 - 2018-02-07 01:06 - 000000000 ____D C:\Windows\CbsTemp
2018-02-06 22:13 - 2018-02-06 23:41 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-02-06 22:13 - 2018-02-06 23:40 - 071041024 _____ C:\Windows\system32\config\SOFTWARE
2018-02-06 22:13 - 2018-02-06 23:40 - 013107200 _____ C:\Windows\system32\config\SYSTEM
2018-02-06 22:13 - 2018-02-06 23:40 - 000524288 _____ C:\Windows\system32\config\DEFAULT
2018-02-06 22:13 - 2018-02-06 23:40 - 000262144 _____ C:\Windows\system32\config\BBI
2018-02-06 22:13 - 2018-02-06 23:40 - 000065536 _____ C:\Windows\system32\config\SECURITY
2018-02-06 22:13 - 2018-02-06 23:09 - 000000000 ___HD C:\$SysReset
2018-02-06 22:13 - 2018-02-06 22:18 - 000000000 ____D C:\Windows\servicing
2018-02-06 22:13 - 2018-02-06 22:17 - 000065536 _____ C:\Windows\system32\config\SAM
2018-02-06 22:13 - 2018-02-06 22:16 - 000000000 ____D C:\Windows\system32\SMI
2018-01-09 19:33 - 2016-09-28 20:15 - 000162120 _____ (Qualcomm Atheros, Inc.) C:\Windows\system32\Drivers\e2xw10x64.sys
2017-12-14 01:05 - 2018-02-07 02:27 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-09 04:41 - 2017-11-09 04:41 - 000504360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2017-11-09 04:40 - 2017-11-09 04:40 - 001630248 _____ (NVIDIA Corporation) C:\Windows\system32\nvir3dgenco64.dll
2017-11-09 04:38 - 2018-01-23 19:23 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2018-01-23 19:23 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001624168 _____ (NVIDIA Corporation) C:\Windows\system32\SET293.tmp
2017-11-09 04:38 - 2017-11-09 04:38 - 000233904 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\SET1C5.tmp
2017-11-09 04:25 - 2018-01-23 19:23 - 004580832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-11-09 04:25 - 2017-11-09 04:25 - 004533184 _____ (NVIDIA Corporation) C:\Windows\system32\SET65F8.tmp
2017-11-09 03:57 - 2018-01-23 19:23 - 000048407 _____ C:\Windows\system32\nvinfo.pb
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
Some files in TEMP:
====================
2018-02-07 02:12 - 2018-02-07 02:13 - 001069856 _____ () C:\Users\Danny\AppData\Local\Temp\rscp_setup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {35969b89-0b6b-11e8-a194-abe35755e710}
                        {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
                        {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
timeout                 1
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
displayorder            {current}
bootsequence            {35969b90-0b6b-11e8-a194-abe35755e710}
toolsdisplayorder       {memdiag}
timeout                 0
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c2-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:CD/DVD Drive
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c3-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Removable Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {263ba3c4-0b81-11e8-af9d-806e6f6e6963}
description             UEFI:Network Device
 
Firmware Application (101fffff)
-------------------------------
identifier              {35969b89-0b6b-11e8-a194-abe35755e710}
description             UEFI: Built-in EFI Shell 
 
Windows Boot Loader
-------------------
identifier              {35969b8d-0b6b-11e8-a194-abe35755e710}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{35969b8e-0b6b-11e8-a194-abe35755e710}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {35969b91-0b6b-11e8-a194-abe35755e710}
nx                      OptOut
bootmenupolicy          Standard
 
Resume from Hibernate
---------------------
identifier              {35969b91-0b6b-11e8-a194-abe35755e710}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {35969b8d-0b6b-11e8-a194-abe35755e710}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {35969b8e-0b6b-11e8-a194-abe35755e710}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2018-02-06 23:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 02:36:52)
Running from C:\Users\Danny\Desktop
Windows 10 Pro Version 1607 (X64) (2018-02-07 04:17:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-282559497-451337721-2173362044-500 - Administrator - Disabled)
Danny (S-1-5-21-282559497-451337721-2173362044-1001 - Administrator - Enabled) => C:\Users\Danny
DefaultAccount (S-1-5-21-282559497-451337721-2173362044-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-282559497-451337721-2173362044-1000 - Limited - Disabled)
Guest (S-1-5-21-282559497-451337721-2173362044-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AntiLogger Free version 1.8.2.320 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.320 - Zemana Ltd.)
Comodo Dome Shield IP Updater Agent (HKLM-x32\...\{302BFEBD-A200-4588-A734-22D77AE90DD4}) (Version: 1.0.0.2 - COMODO)
Comodo Shield Agent (HKLM-x32\...\{89047C23-659B-4718-BD55-8950BC33353E}) (Version: 1.2.0.6 - COMODO)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.77 - NVIDIA Corporation) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.4 - Emsisoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.140 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{5B7A2B7B-CEA9-4E50-B0E4-E82F204CBE78}) (Version: 1.1.57.1125 - Rivet Networks)
Killer E220x Drivers (HKLM\...\{77C95134-CA2D-4614-9C86-55B7A6A281AA}) (Version: 1.1.57.1125 - Rivet Networks)
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.57.1125 - Rivet Networks)
Malwarebytes Anti-Exploit version 1.11.1.48 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.11.1.48 - Malwarebytes)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.27 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.10 - MSI)
NordVPN (HKLM-x32\...\{268B3D75-199F-4844-9AFF-36A629814C8B}) (Version: 6.11.11 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.11.11) (Version: 6.11.11 - NordVPN)
Norton Security (HKLM-x32\...\NS) (Version: 22.10.0.85 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.145 - Symantec Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
SafeNet Authentication Client 10.3 (HKLM\...\{2F50DC95-4FAE-4025-84F3-844C2100ABE5}) (Version: 10.3.25.0 - Gemalto)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.13 - Tweaking.com)
UCheck version 2.3.2.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 2.3.2.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-07] ()
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-23] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-02-07] ()
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.10.0.85\buShell.dll [2017-07-14] (Symantec Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.10.0.85\NavShExt.dll [2017-07-14] (Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DE1C53F-E391-4716-B3CF-C43DB0921FAE} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {22C764B0-4DB2-4CCC-87AB-AA778CF31B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {28C3C354-96C8-4844-ADE9-1DEAF435B8B8} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {34C3B638-9FC5-4374-A5DC-57C412591ED9} - System32\Tasks\Norton Security Scan for Danny => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe [2017-12-15] (Symantec Corporation)
Task: {35A760EC-288D-4081-8CA2-32571CDFE70C} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {3732AD9F-0418-4A63-BF9F-A7AD3A301CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-06] (Google Inc.)
Task: {768EBD4A-2761-462A-B08D-591C319E75AC} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-07-14] (Symantec Corporation)
Task: {9599B2F8-3435-400F-8357-B7213FBAB6F6} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {C353E55C-EFDF-4BE4-8E65-9144E736B370} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [2017-07-10] (Micro-Star INT'L CO., LTD.)
Task: {C78FC94F-304B-4EFE-A806-99422B7786D6} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.10.0.85\WSCStub.exe [2017-07-14] (Symantec Corporation)
Task: {C7D003D8-1C1B-48A4-90DC-DCABFB782CA2} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.10.0.85\SymErr.exe [2017-07-14] (Symantec Corporation)
Task: {F63FC785-BFFA-4118-B902-F03525F9EAFD} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {F8E92E22-52ED-4039-A6BC-81BC655B7886} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 ____N () C:\Windows\SYSTEM32\ism32k.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-02-07 00:12 - 2018-02-07 00:19 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-02-05 07:29 - 2018-02-05 07:29 - 000420640 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2017-10-20 16:42 - 2017-10-20 16:42 - 000393200 _____ () C:\Windows\system32\igfxTray.exe
2018-01-22 05:26 - 2018-01-22 05:26 - 000217375 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\liblzo2-2.dll
2018-01-22 05:26 - 2018-01-22 05:26 - 000118668 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\libpkcs11-helper-1.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000158720 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.OpenvpnFwHelperPlugin.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000305152 _____ () C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\Liberation.Native.Firewall.dll
2018-02-06 23:51 - 2018-01-23 19:23 - 000544240 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-02-06 23:11 - 2018-01-23 17:57 - 000133704 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000235520 _____ () C:\Program Files (x86)\COMODO\Shield Agent\dnscrypt-proxy.exe
2018-02-06 23:52 - 2018-02-01 01:13 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libglesv2.dll
2018-02-06 23:52 - 2018-02-01 01:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.140\libegl.dll
2018-02-07 02:20 - 2018-02-07 02:20 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 06:43 - 2016-07-16 06:43 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 000757248 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-02-07 00:11 - 2005-07-18 13:43 - 000160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-01-18 14:25 - 2018-01-18 14:25 - 000233472 _____ () C:\Program Files (x86)\NordVPN\Liberation.Native.Firewall.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000831511 _____ () C:\Program Files (x86)\COMODO\Shield Agent\libsodium-18.dll
2017-12-26 11:07 - 2017-12-26 11:07 - 000095232 _____ () C:\Program Files (x86)\COMODO\Shield Agent\libgcc_s_sjlj-1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-02-06 22:16 - 2018-02-07 02:24 - 000000825 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-282559497-451337721-2173362044-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 103.86.99.99 - 103.86.96.96
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKU\S-1-5-21-282559497-451337721-2173362044-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5C49212B-057E-4510-8D1B-76E2A28EB1F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62BE74E1-827D-4267-A0D6-249F15611F6A}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{4573D824-F365-4633-9F88-ABCE778E3671}] => (Allow) C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpnserv.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/07/2018 02:20:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: a2service.exe, version: 2018.1.0.8407, time stamp: 0x58fe0540
Faulting module name: ntdll.dll, version: 10.0.14393.0, time stamp: 0x578997b2
Exception code: 0xc0000374
Fault offset: 0x00000000000f73e3
Faulting process id: 0x2e60
Faulting application start time: 0x01d39fe24502ae7f
Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3afeed84-ed2a-4374-b079-c3f5a5cb6949
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/06/2018 11:25:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/07/2018 01:23:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANNY-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/07/2018 12:48:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:48:21 AM) (Source: MsiInstaller) (EventID: 11606) (User: DANNY-PC)
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.1284, time stamp: 0x5a15ab42
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x27f4
Faulting application start time: 0x01d39fd5bc8f3990
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 849c3fc3-e05e-43c7-ac88-0997205390f5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:37:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1284, time stamp: 0x5a15a98e
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x001aa3b6
Faulting process id: 0x2718
Faulting application start time: 0x01d39fd5bdd68853
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 770e9e3b-bb66-4748-8f56-6439b0a135eb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (02/07/2018 12:36:11 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1308) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
 
System errors:
=============
Error: (02/07/2018 02:20:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Emsisoft Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (02/07/2018 01:06:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1709.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/07/2018 01:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/06/2018 11:45:42 PM) (Source: DCOM) (EventID: 10010) (User: DANNY-PC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (02/06/2018 11:44:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/06/2018 11:40:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (02/06/2018 11:40:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.
 
 
CodeIntegrity:
===================================
  Date: 2018-02-07 02:20:36.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:18:04.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-02-07 02:16:54.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-02-07 02:13:11.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:07:45.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
 
  Date: 2018-02-07 02:07:30.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-06 23:44:14.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 01:34:54.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-02-07 01:33:02.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-02-07 01:08:08.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 15818.61 MB
Available physical RAM: 10090.99 MB
Total Virtual: 18762.61 MB
Available Virtual: 11920.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:179.35 GB) NTFS
Drive d: () (Fixed) (Total:223.55 GB) (Free:223.38 GB) NTFS
Drive e: (RT-AC3100) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 843B38AA)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: D067D13D)
 
Partition: GPT.
 
 
==================== End of Addition.txt ============================
Users shortcut scan result (x64) Version: 27.01.2018
Ran by Danny (07-02-2018 02:37:05)
Running from C:\Users\Danny\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Danny\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Danny\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Danny\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Danny\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Danny ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk -> C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free\Uninstall AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck\UCheck.lnk -> C:\Program Files\UCheck\UCheck64.exe (Adlice Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet\SafeNet Authentication Client\SafeNet Authentication Client Tools.lnk -> C:\Program Files\SafeNet\Authentication\SAC\x64\SACTools.exe (Gemalto)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeNet\SafeNet Authentication Client\SafeNet Authentication Client.lnk -> C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe (Gemalto)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security\Reason Core Security.lnk -> C:\Program Files\Reason\Security\rsUI.exe (Reason Software Company Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\MSIRegister.lnk -> C:\MSI\MSIRegister\MSIRegister.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\MSIRegister\Uninstall MSIRegister.lnk -> C:\MSI\MSIRegister\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI\Live Update\Uninstall Live Update.lnk -> C:\Program Files (x86)\MSI\Live Update\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk -> C:\Program Files\Emsisoft Anti-Malware\Emsisoft.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Help.lnk -> C:\Program Files\Emsisoft Anti-Malware\en-us.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Uninstall.lnk -> C:\Program Files\Emsisoft Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dome Shield Dynamic IP Updater\Shield IP Updater.lnk -> C:\Program Files (x86)\COMODO\Shield IP Updater\cShieldIpUpdater.exe (COMODO Security Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Links\Desktop.lnk -> C:\Users\Danny\Desktop ()
Shortcut: C:\Users\Danny\Links\Downloads.lnk -> C:\Users\Danny\Downloads ()
Shortcut: C:\Users\Danny\Links\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Windows Repair Help.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\help\windows_repair.chm ()
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Danny\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\defaultuser0\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AntiLogger Free.lnk -> C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
Shortcut: C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk -> C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Emsisoft Ltd)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\MSI Live Update 6.lnk -> C:\Program Files (x86)\MSI\Live Update\Live Update.exe (Micro-Star INT'L CO., LTD.)
Shortcut: C:\Users\Public\Desktop\NordVPN.lnk -> C:\Program Files (x86)\NordVPN\NordVPN.exe (NordVPN)
Shortcut: C:\Users\Public\Desktop\Norton Security Scan.LNK -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.145\Nss.exe (Symantec Corporation)
==================== End of Shortcut.txt =============================


#11 frazz


Posted 09 February 2018 - 07:32 PM

Has anyone looked into this? It said it was next in the queue

#12 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 AM

Posted 12 February 2018 - 12:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/670151 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#13 frazz


Posted 15 February 2018 - 10:04 PM

---------------------------
Farbar Recovery Scan Tool (x64) Version: 12.02.2018
---------------------------
Addition.txt is saved in the same directory FRST is located.
---------------------------
OK   
---------------------------
---------------------------
Farbar Recovery Scan Tool (x64) Version: 12.02.2018
---------------------------
Shortcut.txt is saved in the same directory FRST is located.
---------------------------
OK   
---------------------------
 
Users shortcut scan result (x64) Version: 12.02.2018
Ran by Daanny (16-02-2018 01:04:22)
Running from C:\Users\Daanny\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Killer Network Manager.lnk -> C:\Windows\Installer\{51B5A084-A40D-4F4B-90AA-EF8354EA7D96}\NetworkManager.exe_E38B8113745D486384C281C6EE6C49DB.exe (No File)
Shortcut: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk -> C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe (Reimage)
Shortcut: C:\Users\Public\Desktop\TunnelBear.lnk -> C:\Program Files (x86)\TunnelBear\TunnelBear.UI.Launcher.exe ()
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe () ->  /LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET Banking & Payment protection.lnk -> C:\Program Files\ESET\ESET Security\ecmd.exe (ESET) -> /startprotectedbrowser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Security\ESET SysInspector.lnk -> C:\Program Files\ESET\ESET Security\SysInspector.exe (ESET) -> /blank
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Daanny\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk -> C:\Program Files\ESET\ESET Security\ecmd.exe (ESET) -> /startprotectedbrowser
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
InternetURL: C:\Users\Daanny\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
 
==================== End of Shortcut.txt =============================
 


#14 frazz

frazz
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:04:37 AM

Posted 15 February 2018 - 10:10 PM

Said it was too long to paste

Attached Files



#15 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 684 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:37 AM

Posted 17 February 2018 - 06:04 AM

Hi frazz and
Welcome to the Bleeping Computer! :)

My name is Slurppa and I will be handling your log(s) to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.


Please familiarize yourself with the following guidelines:

  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If you are unsure how to continue please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you the green light.