Keyloggers, Slow computer, Pup, And who knows more?


  • This topic is locked
28 replies to this topic

#1 Fransky

Posted 17 May 2018 - 03:09 AM

Good afternoon Reader.

My name is Fransky.

Operating system: Windows 10.

About a week ago my computer became very slow, and sometimes it even freezes.

I did a scan and found 3 keyloggers.

Keyloggers, a slow computer that even freezes from time to time, PUP, and who knows what more.

Also, my mouse sometimes dances over the screen, and some bookmark icons in Firefox have changed into a globe.

Other scans: Malwarebytes, Kaspersky, ZoneAlarm, SUPERAntiSpyware, Zemana AntiLogger, and a few more I don't even remember now.

I also had a FRST scan. Please see attachment.

It would be great to have someone take a look at this report and help me further.

Thanks in advance,

Fransky.

Not able to post attachments?


Edited by Fransky, 17 May 2018 - 11:12 PM.




#2 polskamachina

  • Malware Response Team

Posted 18 May 2018 - 09:42 AM

Hi Fransky,

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text into your replies to me.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's begin :)

The preferred method of posting logs in this forum is to copy and paste them into your replies. After you run a FRST scan, two logs named FRST.txt and Addition.txt will open into two separate Notepad windows. Can you please copy and paste those two logs into your next reply to me?

In summary I will need from you the following two logs copied and pasted into your next reply to me:

  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

polskamachina



#3 Fransky


Posted 18 May 2018 - 11:13 PM

Hello Polskamachina,

I live in Cambodia. When it is 9 PM in your time zone, it will be 10.55 AM here in Cambodia.

I am glad of your fast response, and would like to thank you for this.

Here are the logs you were asking for.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by User (administrator) on DESKTOP-M57FM9M (19-05-2018 10:39:00)
Running from C:\Users\User\Desktop\FRST
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1511 10586.456 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(SUPERAntiSpyware.com) D:\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144240 2018-02-19] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4305776 2018-05-08] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-05-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\MountPoints2: {36ed5771-0c4b-11e6-a92b-74c63b30ef2c} - "I:\DriverPackSolution.exe"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\MountPoints2: {5726ac38-ec54-11e6-a96c-9c5c8ed576f4} - "F:\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94568 2017-01-19] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [85864 2017-01-19] (Zemana Ltd.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{dcac8d3d-e591-4d4e-a077-2cb39335c5e1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: n0doidc8.default-1497850579374
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374 [2018-05-19]
FF Homepage: Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374 -> about:home
FF Extension: (German Dictionary) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\de-DE@dictionaries.addons.mozilla.org [2017-06-21] [Legacy]
FF Extension: (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\de_DE@dicts.j3e.de [2018-04-10] [Legacy]
FF Extension: (United States English Spellchecker) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\en-US@dictionaries.addons.mozilla.org [2017-06-21] [Legacy]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\langpack-de@firefox.mozilla.org.xpi [2018-05-10]
FF Extension: (English (GB) Language Pack) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-05-10]
FF Extension: (Français Language Pack) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\langpack-fr@firefox.mozilla.org.xpi [2018-05-10]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\langpack-nl@firefox.mozilla.org.xpi [2018-05-10]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\marcoagpinto@mail.telepac.pt [2018-04-27] [Legacy]
FF Extension: (Woordenboek Nederlands) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\nl-NL@dictionaries.addons.mozilla.org [2017-06-23] [Legacy] [not signed]
FF Extension: (Norton Safe Web) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\nortonsafeweb@symantec.com.xpi [2018-05-12]
FF Extension: (No Coin - Block miners on the web!) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\{5657c026-efc3-4860-b43b-16e4eaa8a9aa}.xpi [2018-02-26]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n0doidc8.default-1497850579374\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-17]
FF HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; D:\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-30] (Windows ® Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [451288 2018-05-16] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [345504 2018-04-23] (Avira Operations GmbH & Co. KG)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2498296 2018-04-11] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [35064 2018-03-20] ()
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [1700968 2018-01-01] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [17656 2018-03-22] (Check Point Software Technologies Ltd.)
S2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [281536 2018-04-23] (Realtek Semiconductor Corp.)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [196344 2018-04-23] (Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4202320 2018-02-19] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-18] (Microsoft Corporation)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [45936 2018-05-08] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-02-16] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1057648 2018-02-19] (Check Point Software Technologies Ltd.)
S2 FoxitReaderService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe" [X]
S4 KMS-R@1n;  [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusSGDrv; C:\Windows\system32\DRIVERS\AsusSGDrv.sys [139752 2015-08-18] (ASUS Corporation)
S3 athr; C:\Windows\System32\drivers\athw10x.sys [4317808 2015-07-15] (Qualcomm Atheros Communications, Inc.)
R2 cpbak; C:\Windows\System32\DRIVERS\cpbak.sys [61592 2018-04-11] (Check Point Software Technologies Ltd.)
R1 CPEPMon; C:\Windows\System32\DRIVERS\CPEPMon.sys [68280 2018-04-09] (Check Point Software Technologies Ltd.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69560 2018-02-23] (Intel Corporation)
S3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [50696 2015-08-17] (Intel Corporation)
R1 epnetflt; C:\Windows\system32\drivers\epnetflt.sys [117400 2017-12-10] (Check Point Software Technologies)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-05-13] (Emsisoft Ltd)
R1 epregflt; C:\Windows\system32\drivers\epregflt.sys [101552 2017-10-23] (Check Point Software Technologies)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2017-06-28] (ESET)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382392 2018-01-01] (Intel Corporation)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2017-08-04] (ELAN Microelectronic Corp.)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-11-19] (ASUS)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-08-04] (REALiX™)
R3 iagpioe; C:\Windows\System32\drivers\iagpioe.sys [41984 2017-08-04] (Intel® Corporation)
R3 iai2ce; C:\Windows\System32\drivers\iai2ce.sys [90104 2017-08-04] (Intel® Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [7357944 2017-08-04] (Intel Corporation)
S0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd.)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [161408 2017-03-22] (Zemana Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2018-02-16] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2018-02-16] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [219104 2018-02-16] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [598752 2018-02-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1061848 2018-02-16] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-05-10] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [87584 2018-05-10] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252600 2018-05-11] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [107656 2018-05-10] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [174664 2018-05-10] (AO Kaspersky Lab)
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2018-03-26] (The OpenVPN Project)
S3 PROLiNKusbdiag; C:\Windows\system32\DRIVERS\PROLiNKusbdiag.sys [123648 2010-07-29] (PROLiNK Corporation) [File not signed]
S3 PROLiNKusbmodem; C:\Windows\system32\DRIVERS\PROLiNKusbmodem.sys [123648 2010-07-29] (PROLiNK Corporation) [File not signed]
S3 PROLiNKusbnmea; C:\Windows\system32\DRIVERS\PROLiNKusbnmea.sys [123648 2010-07-29] (PROLiNK Corporation) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1026896 2018-04-14] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [756672 2018-04-23] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [7959408 2018-02-23] (Realtek Semiconductor Corporation )
R1 SASDIFSV; D:\\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [148240 2017-08-04] (Intel Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2018-02-19] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-05-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-05-11] (Zemana Ltd.)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
U3 iswSvc; no ImagePath
S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F
C:\Windows\System32\drivers\iagpioe.sys CA9AF9CC68B852B5C59A0E290C3C0F0B
C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\Windows\System32\drivers\iai2ce.sys 2E6073DA70F98A69B9740FE6663B7B38
C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaLPSS_GPIO.sys 8FD3487A6AE70321404C34AC278840D8
C:\Windows\System32\drivers\iaLPSS_I2C.sys 4D962133CAB3A8555E7B1FD8D6BF38EA
C:\Windows\System32\drivers\iaStorA.sys 5F6CA62BE8ECC4D0E1F5D4D4A02B456B
C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208
C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796
C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723
C:\Windows\system32\DRIVERS\igdkmd64.sys EF69F1374D1214947AE94B3E63B8965B
C:\Windows\system32\DRIVERS\igdkmd64lp.sys 7E7B89BC2B14F44CF9A00FECC3B04EFB
C:\Windows\system32\drivers\RTKVHD64.sys 33F372B7B210D7E2FBAD70ED58A86D3C
C:\Windows\system32\DRIVERS\IntcDAud.sys 3B7A082F5D593663164F7540D42CCED3
C:\Windows\System32\drivers\IntelPcc.sys 72586E6D6DD4144D0C4CBD9D2653BBED
C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A
C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701
C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07
C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310
C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469
C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01
C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE
C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E
C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2
C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys DA51C62E8701BBD6667E5FA600DCF691
C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8
C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6
C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048
C:\Windows\System32\DRIVERS\KeyCrypt64.sys BF0E0B7DE4E9BC8E0515779F66ACA853
C:\Windows\System32\DRIVERS\kl1.sys 025177EB96DDB40DBA3CD003AD54D90B
C:\Windows\System32\DRIVERS\klelam.sys 3635709CDF9CDCEF55DFE04EA99D4314
C:\Windows\system32\DRIVERS\klflt.sys 40F406456AEBD36BB95712F5C3B161E5
C:\Windows\system32\DRIVERS\klhk.sys BEDB4E41DD87FF85DB45624CD9615F07
C:\Windows\System32\DRIVERS\klif.sys 3B550F0509903D0BFB2AF63BB25B5B42
C:\Windows\System32\Drivers\klupd_klif_arkmon.sys 5DF80B8ED56F8865D0AD904F3199F08D
C:\Windows\System32\Drivers\klupd_klif_kimul.sys 34D207C9300529BE5E29267922483778
C:\Windows\System32\Drivers\klupd_klif_klark.sys 0EA41015CD1B41AFCCC896A916E8617A
C:\Windows\System32\Drivers\klupd_klif_klbg.sys DA3C0A419D56B332FADF15546EF5FC04
C:\Windows\System32\Drivers\klupd_klif_mark.sys F31EC261ECC09DB51EE6EDC03A415140
C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1
C:\Windows\System32\Drivers\ksecpkg.sys 72DA8D559411D9464AC594C6966749A8
C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5
C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B
C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E
C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5
C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB
C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18
C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275
C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03
C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3
C:\Windows\System32\drivers\TeeDriverW8x64.sys 296C443FCC228EA643ED310465772820
C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E
C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C
C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA
C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D
C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF
C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64
C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C
C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA
C:\Windows\system32\drivers\mrxdav.sys BF6CA7EA5ECD6CF72D3D76652A9B8280
C:\Windows\System32\DRIVERS\mrxsmb.sys 0B3B0C1D86050355676640488FA897D3
C:\Windows\System32\DRIVERS\mrxsmb10.sys 1A490555FD330CA2764D89191177C867
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC
C:\Windows\System32\drivers\bridge.sys A4411C522D41707D5BCA817A5BB9E30B
C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F
C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F
C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC
C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432
C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C
C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2
C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334
C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526
C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683
C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8
C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF
C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC
C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083
C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F
C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B
C:\Windows\System32\DRIVERS\nwifi.sys FF0C49717D353218FDB16E03B7E05512
C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F
C:\Windows\System32\drivers\ndis.sys E582DA849A58524E645545FB68B6625D
C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008
C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92
C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC
C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA
C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984
C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE
C:\Windows\System32\drivers\Ndu.sys 883A36E2FF7FA3E1281CB575579FE3AF
C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4
C:\Windows\System32\DRIVERS\netbt.sys C03E926B0E7D66D68994067231DC3246
C:\Windows\System32\drivers\netvsc.sys 2BB62723C835F75F0C7C9E6A736881FB
C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1
C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797
C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC
C:\Windows\System32\Drivers\NTFS.sys 19BD8A88AAC580592668B070AC0727D9
C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE
C:\Windows\system32\DRIVERS\nvlddmkm.sys 1490720DD0606D8B5E61C4CCB0F8CD55
C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF
C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107
C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1
C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C
C:\Windows\System32\drivers\partmgr.sys D330D74B5F99309B5CCA30AE41C57CDE
C:\Windows\System32\drivers\pci.sys AE48BEBD9CD5D45EFB1AEA204CCE08BE
C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F
C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB
C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229
C:\Windows\System32\drivers\pdc.sys 67B9684B8272D5EBD1CCBB1DBD425EC8
C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A
C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF
C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED
C:\Windows\System32\drivers\phantomtap.sys 419F10BCF592762A22821AACBF5B629D
C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17
C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5
C:\Windows\system32\DRIVERS\PROLiNKusbdiag.sys E7EB2C975DAF86B185D10663354C3386
C:\Windows\system32\DRIVERS\PROLiNKusbmodem.sys E7EB2C975DAF86B185D10663354C3386
C:\Windows\system32\DRIVERS\PROLiNKusbnmea.sys E7EB2C975DAF86B185D10663354C3386
C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806
C:\Windows\System32\DRIVERS\PSKMAD.sys D271C14EE0EEEA27359CD9E14E49F0DE
C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021
C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D
C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289
C:\Windows\System32\drivers\rasl2tp.sys E3C82823B22463BC38AA4F8ADA852624
C:\Windows\System32\drivers\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922
C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29
C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9
C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0
C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010
C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F
C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837
C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490
C:\Windows\System32\drivers\rfcomm.sys AEEF76F938188EBF27DF70C1806877F2
C:\Windows\system32\DRIVERS\RtsBaStor.sys 6D3832F14F53C886528FB1CA4C2EC2A6
C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059
C:\Windows\System32\drivers\rt640x64.sys 8409F8E6134095A9C01A29D639B73A7A
C:\Windows\system32\DRIVERS\RtkBtfilter.sys CB0B9DDF6F2B6AEB2563D02B9A33A791
C:\Windows\system32\DRIVERS\rtwlane.sys A04D9405BCA9F13360234B4EAF1AB1B9
C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509
D:\\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
D:\\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD
C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D
C:\Windows\System32\drivers\sdbus.sys 44C6CCAD811D9491B24A49464C214570
C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13
C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35
C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824
C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C
C:\Windows\System32\drivers\serial.sys 249A563C48DFD9E42A37587653E003BB
C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6
C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251
C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23
C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98
C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583
C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71
C:\Windows\System32\DRIVERS\srv.sys BE88248427A6AA548A904FD867667F70
C:\Windows\System32\DRIVERS\srv2.sys 2568B86F6A50D254324CB89022CA9EFC
C:\Windows\System32\DRIVERS\srvnet.sys 6E520D6B16EA8AE23D1F81C1194F00C8
C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5
C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84
C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73
C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB
C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895
C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9
C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581
C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613
C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76
C:\Windows\system32\drivers\tbhsd.sys E432A6F8725F29514144C0CB62CA5A96
C:\Windows\System32\drivers\tcpip.sys E69F3CF1123F137872CCB9D7E900C085
C:\Windows\System32\drivers\tcpip.sys E69F3CF1123F137872CCB9D7E900C085
C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85
C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D
C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0
C:\Windows\System32\drivers\tpm.sys 87B9ABB965F7AF987D52791F0DD1663D
C:\Windows\System32\drivers\TsUsbFlt.sys 48E828C66AB016E48F2CB4DD585315FD
C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE
C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6
C:\Windows\System32\drivers\TXEIx64.sys E3EE491C761BFF18B4F9AC55C530BD90
C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69
C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985
C:\Windows\System32\Drivers\UcmCx.sys 82D3B1F4D80057826AA649D78147DE36
C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C
C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B
C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD
C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C
C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136
C:\Windows\System32\drivers\ufx01000.sys 05DD22294A4F3F89E52351C7721E6D2C
C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13
C:\Windows\System32\drivers\ufxsynopsys.sys 2A87EA182EA333D79AA0B03833EA67F2
C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5
C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4
C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A
C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90
C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB
C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD
C:\Windows\system32\drivers\usbaudio.sys 9F9D5E2086BB9AEEA96E9BF73B7B2D32
C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3
C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB
C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200
C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
C:\Windows\System32\drivers\UsbHub3.sys E7463CE8579A0418A98BE9BE42C647D7
C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
C:\Windows\system32\DRIVERS\usbscan.sys D67B6A4A6FB99D29444C2DBA2B636799
C:\Windows\System32\drivers\usbser.sys 4AAD6547953D373A1EB5B2DF583D868B
C:\Windows\System32\drivers\USBSTOR.SYS 8949F77132A4F8F3BA17C6727099F002
C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
C:\Windows\System32\Drivers\usbvideo.sys 4B13B61CBB9CC3CB373C60B930D648F5
C:\Windows\System32\drivers\USBXHCI.SYS 9E9D58F5E1702955B2F4D62996F80E8E
C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
C:\Windows\System32\drivers\vsdatant.sys B0395671CD4A1B046BC7269A37C8E089
C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
C:\Windows\System32\drivers\vwifimp.sys 3BE5AAC930447FD18D4A8255A2FEC95C
C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
C:\Windows\System32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
C:\Windows\System32\DRIVERS\wdiwifi.sys 2BC2E99623119521EEF7910A11D0FDE0
C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4
C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1
C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
C:\Windows\System32\drivers\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\xboxgip.sys F279536122B83FD0D8E158AA753E1B7C
C:\Windows\System32\drivers\xinputhid.sys DA0807D87A62D076C29C4E30F1E84F46
C:\Windows\System32\drivers\zam64.sys 21E13F2CB269DEFEAE5E1D09887D47BB
C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-17 15:20 - 2018-05-17 15:20 - 000001115 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2018-05-17 15:17 - 2018-05-17 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-05-17 15:17 - 2018-05-17 15:20 - 000000000 ____D C:\ProgramData\Avira
2018-05-17 15:17 - 2018-05-17 15:17 - 000001263 _____ C:\Users\Public\Desktop\Avira.lnk
2018-05-17 13:50 - 2018-05-17 13:57 - 000924140 _____ C:\TDSSKiller.3.1.0.17_17.05.2018_13.50.55_log.txt
2018-05-17 13:33 - 2018-05-17 13:45 - 000272094 _____ C:\TDSSKiller.3.1.0.17_17.05.2018_13.33.43_log.txt
2018-05-16 22:02 - 2018-05-19 10:39 - 000000000 ____D C:\FRST
2018-05-16 22:01 - 2018-05-19 10:39 - 000000000 ____D C:\Users\User\Desktop\FRST
2018-05-16 18:37 - 2018-05-16 18:37 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-05-16 09:05 - 2018-05-16 09:13 - 080067584 _____ (Soda Player) C:\Users\User\Desktop\SodaPlayerSetup 1.3.8.exe
2018-05-15 10:17 - 2018-05-15 10:17 - 000000000 ____D C:\Users\User\AppData\Roaming\WizTree3
2018-05-14 16:28 - 2018-05-14 16:28 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2018-05-13 13:54 - 2018-05-13 13:54 - 000000000 ____D C:\Users\User\AppData\Local\CrashRpt
2018-05-12 09:00 - 2018-05-13 17:03 - 000000000 ___HD C:\SandBlastBackup
2018-05-12 08:07 - 2018-05-12 08:09 - 000000000 ____D C:\KVRT_Data
2018-05-11 15:00 - 2018-05-11 15:00 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-05-11 14:59 - 2018-05-16 14:54 - 000001224 _____ C:\Users\Public\Desktop\Zemana AntiLogger.lnk
2018-05-11 14:59 - 2018-05-11 15:01 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger
2018-05-11 14:59 - 2018-05-11 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger
2018-05-11 14:59 - 2018-05-11 14:59 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2018-05-11 14:59 - 2017-03-22 12:44 - 000161408 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2018-05-11 12:50 - 2018-05-19 10:42 - 001191516 _____ C:\Windows\ZAM.krnl.trace
2018-05-11 12:50 - 2018-05-19 10:42 - 000295984 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-05-11 12:50 - 2018-05-11 12:50 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-05-11 12:48 - 2018-05-11 15:01 - 000000000 ____D C:\Users\User\AppData\Local\Zemana
2018-05-11 11:24 - 2018-05-11 11:24 - 000000000 ___SD C:\Users\User\Documents\Sandblast Agent!System!Data!Don'tDiscard
2018-05-11 11:24 - 2018-05-11 11:24 - 000000000 ___SD C:\Users\Public\Documents\-Sandblast AgentSystem-DataDon't-Discard
2018-05-11 11:22 - 2018-05-11 11:24 - 000000496 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2018-05-11 11:21 - 2018-04-11 08:17 - 000061592 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\cpbak.sys
2018-05-11 11:21 - 2018-04-09 13:53 - 000068280 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\CPEPMon.sys
2018-05-11 10:57 - 2018-05-11 10:57 - 000252600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2018-05-11 10:47 - 2018-05-11 10:47 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2018-05-10 21:59 - 2018-05-10 21:59 - 000231312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2018-05-10 21:59 - 2018-05-10 21:59 - 000174664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2018-05-10 21:59 - 2018-05-10 21:59 - 000107656 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2018-05-10 21:59 - 2018-05-10 21:59 - 000087584 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2018-05-10 18:06 - 2018-05-10 18:06 - 000000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2018-05-10 18:02 - 2018-05-10 18:03 - 000441294 _____ C:\Windows\system32\Drivers\vsconfig.xml
2018-05-10 18:02 - 2018-02-16 22:59 - 000598752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-05-10 18:02 - 2018-02-16 22:59 - 000554408 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kl1.sys
2018-05-10 18:02 - 2018-02-16 22:59 - 000151864 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-05-10 18:00 - 2018-05-16 14:54 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2018-05-10 18:00 - 2018-05-10 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2018-05-10 17:34 - 2018-05-11 11:19 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-05-10 17:19 - 2018-05-11 11:22 - 000000000 ____D C:\ProgramData\CheckPoint
2018-05-10 17:13 - 2018-05-10 18:24 - 000313560 _____ (Mozilla) C:\Users\User\Downloads\Firefox Installer.exe
2018-05-10 09:27 - 2018-05-10 17:23 - 000000000 ____D C:\Users\User\Downloads\backups
2018-05-10 03:11 - 2018-05-10 03:11 - 000000010 _____ C:\Users\User\AppData\Local\sponge.last.runtime.cache
2018-05-10 02:58 - 2018-05-10 02:58 - 000000000 ____D C:\Windows\Trend Micro
2018-05-09 21:21 - 2017-10-18 00:40 - 000334488 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2018-05-09 19:05 - 2018-05-09 19:05 - 000000000 ____D C:\Users\User\AppData\Roaming\Abelssoft
2018-05-09 19:05 - 2018-05-09 19:05 - 000000000 ____D C:\ProgramData\XDMessagingv4
2018-05-09 18:54 - 2018-05-10 02:38 - 000000000 ____D C:\Users\User\Doctor Web
2018-05-08 11:20 - 2018-05-08 11:20 - 000000000 ____D C:\Users\User\AppData\Local\Avira_Operations_Gmbh_&_C
2018-05-08 10:44 - 2018-05-08 10:44 - 000268257 _____ C:\Windows\system32\Drivers\cposfw.xml
2018-05-02 10:04 - 2018-05-02 10:04 - 000000000 ____D C:\Users\User\AppData\Local\AviraSpeedup
2018-05-02 10:03 - 2018-05-02 10:05 - 000016390 _____ C:\Windows\SysWOW64\Defrag.debuglog
2018-04-23 15:57 - 2018-04-23 15:57 - 000074188 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000064412 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000055388 _____ C:\Windows\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000051432 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000051168 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8814ae_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000051076 _____ C:\Windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000051024 _____ C:\Windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000047408 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000047152 _____ C:\Windows\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000042856 _____ C:\Windows\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000038120 _____ C:\Windows\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000037100 _____ C:\Windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
2018-04-23 15:57 - 2018-04-23 15:57 - 000002856 _____ C:\Windows\PidVid_List.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-04-23 15:40 - 2018-04-23 15:40 - 015988192 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-04-23 15:40 - 2018-04-23 15:40 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 006270160 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 004074912 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-04-23 15:40 - 2018-04-23 15:40 - 003452112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003410280 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003306776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003214664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003198528 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 002939720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 002197936 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001780576 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001591024 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001448736 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOv251gm.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001435096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001382192 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001327848 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001266344 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001175168 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001164584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOvlldpgm.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001133048 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 001027600 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000999008 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000986952 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000604760 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000467112 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000447136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000441232 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000392840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000366088 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000341104 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000341104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000315944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000278240 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000231872 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000220344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000166168 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000116496 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000090872 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-04-23 15:40 - 2018-04-23 15:40 - 000075496 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-04-23 15:33 - 2018-04-23 15:33 - 000154776 _____ (Check Point Software Technologies) C:\Windows\system32\Drivers\epklib.sys
2018-04-21 09:46 - 2018-03-21 15:15 - 000026400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-04-21 09:46 - 2018-03-21 14:03 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-04-21 09:46 - 2018-03-21 13:34 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2018-04-21 09:46 - 2018-03-21 13:10 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2018-04-21 09:46 - 2018-03-21 12:40 - 002279936 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-04-21 09:46 - 2018-03-01 15:37 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\wuapihost.exe
2018-04-21 09:46 - 2018-03-01 15:32 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-04-21 09:46 - 2018-03-01 14:45 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-04-21 09:46 - 2018-03-01 14:39 - 000848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-04-21 09:46 - 2018-03-01 14:35 - 000270848 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-04-21 09:46 - 2018-03-01 14:01 - 000706048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-04-21 09:46 - 2018-01-15 06:31 - 001110016 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2018-04-21 09:46 - 2017-10-16 11:36 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2018-04-21 09:46 - 2017-10-16 11:20 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2018-04-21 09:46 - 2017-09-14 15:08 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2018-04-21 09:46 - 2017-09-14 14:55 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2018-04-21 09:46 - 2017-09-14 14:38 - 000161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2018-04-21 09:46 - 2017-09-05 14:06 - 000320000 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-04-21 09:46 - 2017-09-05 13:10 - 001096192 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-04-20 14:18 - 2018-05-08 11:20 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2018-04-20 13:39 - 2018-04-20 13:39 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-04-19 13:09 - 2018-05-18 10:24 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-19 12:51 - 2018-04-19 12:51 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-04-19 12:51 - 2018-04-19 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-04-19 12:50 - 2018-04-19 12:50 - 000000000 ____D C:\Program Files\VideoLAN
2018-04-18 13:25 - 2018-04-18 13:25 - 000000000 ____D C:\ProgramData\IsolatedStorage
2018-04-18 13:10 - 2018-05-17 15:19 - 000000000 ____D C:\Program Files (x86)\Avira
2018-04-14 16:31 - 2018-04-14 16:31 - 002070056 _____ (TODO: <Company name>) C:\Windows\wlanCliDLL.dll
2018-04-14 16:31 - 2018-04-14 16:31 - 000491496 _____ (Realtek Semiconductor Corp.) C:\Windows\WlanCLI.exe
2018-03-26 17:51 - 2018-03-26 17:51 - 000045056 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\phantomtap.sys
2018-03-20 10:13 - 2018-05-09 14:49 - 000004586 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-17 16:18 - 2018-03-17 16:57 - 000131072 _____ C:\Windows\system32\Ikeext.etl
2018-02-23 18:43 - 2018-02-23 18:43 - 001804672 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2018-02-23 18:42 - 2018-02-23 18:42 - 000003216 _____ C:\Windows\System32\Tasks\RTKCPL
2018-02-23 18:42 - 2018-02-23 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-02-21 01:09 - 2018-02-21 01:09 - 000000000 ____D C:\Windows\SoftwareDistribution-WinUpdFix-Old
2018-02-19 08:07 - 2018-02-19 08:07 - 000461240 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-19 10:38 - 2017-05-11 16:05 - 000000360 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job
2018-05-19 10:36 - 2017-01-10 19:10 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-05-19 10:25 - 2017-05-28 11:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-19 10:25 - 2016-04-27 15:48 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-19 10:25 - 2016-04-27 15:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-19 10:08 - 2015-10-30 15:21 - 000000000 ____D C:\Windows\INF
2018-05-19 09:00 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\system32\NDF
2018-05-18 14:39 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\AppReadiness
2018-05-18 14:36 - 2017-05-23 18:13 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2018-05-18 10:26 - 2017-06-25 09:41 - 000000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-05-18 10:26 - 2016-04-27 14:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-18 10:24 - 2015-10-30 14:28 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-05-17 18:20 - 2017-03-19 13:30 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2018-05-17 15:16 - 2016-04-27 14:01 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-17 12:01 - 2016-04-27 13:56 - 000879220 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-16 19:52 - 2017-01-07 13:58 - 000004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8590E055-12AE-4DFF-B1EA-858C5ED94981}
2018-05-16 14:30 - 2016-04-27 15:09 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2018-05-16 13:53 - 2017-05-31 15:44 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-15 10:57 - 2017-01-07 18:16 - 000000000 ____D C:\Users\User\Desktop\Veiligheid
2018-05-14 10:39 - 2017-05-11 16:05 - 000003248 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUser
2018-05-13 18:28 - 2017-05-23 20:26 - 000000000 ____D C:\EEK
2018-05-12 07:37 - 2015-10-30 15:24 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-10 21:26 - 2017-01-10 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-10 18:02 - 2015-10-30 14:28 - 000032768 ___SH C:\Windows\system32\config\ELAM
2018-05-10 14:16 - 2017-09-16 16:57 - 000000000 ____D C:\Users\User\AppData\Local\Abelssoft
2018-05-10 09:22 - 2016-04-27 13:53 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2018-05-09 14:48 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-09 14:48 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-03 14:09 - 2017-08-04 15:49 - 000000000 ____D C:\Users\User\AppData\Roaming\IObit
2018-05-03 12:03 - 2017-02-18 13:34 - 000000000 ___HD C:\temp
2018-05-03 12:02 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\tracing
2018-05-03 11:50 - 2017-01-30 18:57 - 000003354 __RSH C:\ProgramData\ntuser.pol
2018-05-01 11:03 - 2017-08-04 15:56 - 000000000 ____D C:\ProgramData\ProductData
2018-05-01 11:01 - 2017-11-25 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-04-23 15:57 - 2017-05-18 06:24 - 000281536 _____ (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
2018-04-23 15:57 - 2015-08-06 09:54 - 000756672 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\Drivers\RtkBtfilter.sys
2018-04-23 15:45 - 2017-08-04 16:37 - 000000000 ____D C:\Windows\system32\DAX3
2018-04-23 15:45 - 2016-04-27 14:41 - 000000000 ____D C:\Windows\system32\DAX2
2018-04-23 15:44 - 2016-04-27 14:40 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-04-23 15:41 - 2015-12-11 06:15 - 006161344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-04-23 15:40 - 2015-12-11 06:25 - 003632496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-04-23 15:40 - 2015-12-11 06:25 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-04-23 15:40 - 2015-12-11 06:22 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-04-23 15:40 - 2015-12-11 06:14 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-04-22 08:27 - 2015-10-30 15:11 - 000000000 ____D C:\Windows\CbsTemp
2018-04-21 09:47 - 2015-10-30 15:17 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2018-04-20 12:10 - 2017-02-10 11:48 - 000000000 ____D C:\Users\User\Documents\Adobe
2018-04-20 12:10 - 2016-12-25 10:15 - 000000000 __SHD C:\found.000
2018-04-20 12:10 - 2016-04-27 13:58 - 000000000 ____D C:\Windows\Log
2018-04-20 12:10 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\system32\MsDtc
2018-04-20 12:10 - 2015-10-30 15:24 - 000000000 ____D C:\Windows\system32\Catroot2.bak
2018-04-20 11:06 - 2015-10-30 15:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-04-19 13:09 - 2017-09-19 11:52 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2017-05-24 14:09 - 2017-05-24 14:09 - 000127160 _____ () C:\Users\User\AppData\Local\ars.cache
2017-05-24 14:11 - 2017-05-24 14:11 - 000350290 _____ () C:\Users\User\AppData\Local\census.cache
2018-01-02 23:15 - 2018-04-05 12:55 - 000004608 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-24 12:09 - 2017-05-24 12:09 - 000000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2017-01-14 20:19 - 2017-01-14 20:19 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2018-05-10 03:11 - 2018-05-10 03:11 - 000000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {ddfdab3c-daba-11e5-9c2c-f2e642637314}
timeout                 1

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {ddfdab3d-daba-11e5-9c2c-f2e642637314}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {ddfdab3c-daba-11e5-9c2c-f2e642637314}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             CD/DVD Drive

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {ddfdab3f-daba-11e5-9c2c-f2e642637314}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ddfdab3d-daba-11e5-9c2c-f2e642637314}
nx                      OptIn
bootmenupolicy          Legacy
bootlog                 No

Windows Boot Loader
-------------------
identifier              {ddfdab3f-daba-11e5-9c2c-f2e642637314}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{ddfdab40-daba-11e5-9c2c-f2e642637314}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{ddfdab40-daba-11e5-9c2c-f2e642637314}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {ddfdab3d-daba-11e5-9c2c-f2e642637314}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {ddfdab3f-daba-11e5-9c2c-f2e642637314}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ddfdab40-daba-11e5-9c2c-f2e642637314}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-05-14 14:39

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by User (19-05-2018 10:44:30)
Running from C:\Users\User\Desktop\FRST
Windows 10 Pro Version 1511 10586.456 (X64) (2016-04-27 05:51:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1702161164-850424020-3531705571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1702161164-850424020-3531705571-503 - Limited - Disabled)
Guest (S-1-5-21-1702161164-850424020-3531705571-501 - Limited - Disabled)
User (S-1-5-21-1702161164-850424020-3531705571-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {0683CCA9-024E-F5E0-0687-81040471DC5A}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {BDE22D4D-2474-FA6E-3C37-BA767FF696E7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Avira (HKLM-x32\...\{24589b47-78b2-4e0c-a9b3-3cf985a7da18}) (Version: 1.2.113.21021 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{45C4E5C6-9601-4B10-AD5D-B63990639767}) (Version: 1.2.113.21021 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.13.1.30846 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Check Point SBA (HKLM\...\{CF47471E-A933-409A-AC94-E7A64913A186}) (Version: 86.4.4022 - Check Point Software Technologies Ltd.) Hidden
Combined Community Codec Pack 2015-10-18 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
Cooltweak (HKLM\...\{5844F1BF-0003-0003-0000-F1452DAF087A}) (Version: 3.3.0 - Gueven)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
Free Video Call Recorder for Skype (HKLM-x32\...\Free Video Call Recorder for Skype_is1) (Version: 1.2.69.1027 - Digital Wave Ltd)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Icecream Screen Recorder versie 4.85 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.85 - Icecream Apps)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KB4023057 (HKLM\...\{F2D7A08E-6B70-4336-AC4F-C7F765068281}) (Version: 1.0.1.0 - Microsoft Corporation)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 60.0.1 (x86 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.27054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.18.526.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8372 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.9.1 - ShareX Team)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1242 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
Zemana AntiLogger (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0533 - Check Point Software) Hidden
ZoneAlarm Antivirus (HKLM-x32\...\{878B0A44-05F0-444A-A337-300290444DD5}) (Version: 15.2.053.17581 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{8EBC1C58-53F5-4338-BDE4-642C199CC948}) (Version: 15.2.053.17581 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.2.053.17581 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{B4C419B7-534C-46AA-A7CB-7C9A6867D7A5}) (Version: 15.2.053.17581 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll [2018-05-11] ()
ContextMenuHandlers1: [Cooltweak 3.3.0] -> {33e12c16-0003-0003-0000-ff4694a6914b} => C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-03-31] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-02-19] (Check Point Software Technologies Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [Cooltweak 3.3.0] -> {33e12c16-0003-0003-0000-ff4694a6914b} => C:\Windows\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-08-08] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll [2018-05-11] ()
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-03-31] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-02-19] (Check Point Software Technologies Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15A2305A-9C91-48D3-844E-F874C457AEEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {34964FA9-29C8-443C-8FA8-5E42B394458D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {383A0510-03DB-4AB0-94A5-2A3932C0E24F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\User\Desktop\WR_Tray_Icon.exe
Task: {3F27C8BD-B72D-4E75-9725-B79D5D22C679} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {43AD847B-0083-4E09-9D64-91C65D09C111} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {45BD6B41-6531-4D41-832A-EA00E342E756} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {4B301991-CC58-4283-831B-2FB23B170303} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {530C0BC8-7582-4D2C-AAC2-739384B149C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {547DA09F-EA41-498F-A02D-FA659D25415C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-13] (Piriform Ltd)
Task: {561B6B85-4DDE-442C-91EE-5F92D1187283} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {5AD1E5A7-7F56-4F62-A90E-34A8C3B7AAE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6155502B-609A-401A-86DD-585629E4D66F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sawadees@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {716B9530-C02B-46CE-B5B8-D37BD0BA82C6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-04-23] (Realtek Semiconductor)
Task: {7B3AE1BC-EC62-43E8-838B-E822EB78F756} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-26] (ASUSTek Computer Inc.)
Task: {7FEC9178-1EF9-45BB-A3B6-80939CC47B40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {80E3D3B7-D016-4F19-88D7-1831C67D2481} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-04-23] (Realtek Semiconductor)
Task: {9626CE31-9193-4FE8-8EF6-FF6CBE6C74FA} - System32\Tasks\Avira\Safe Shopping\Update => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe
Task: {9EF3F282-A0A6-4BF5-A7CF-2DE4BDFE28E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-04-13] (Piriform Ltd)
Task: {ACCD3E3B-415D-41A8-BDDA-086C8B369A04} - System32\Tasks\Avira\Safe Shopping\Launch => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe
Task: {AE7C99C6-8212-4393-8C99-824224B9D6D5} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {C03A4077-6303-4F62-804B-9A44FA265642} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate]
Task: {C5BA8292-279A-4D05-8F98-7B6E31907C66} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {D563B519-9E97-4D08-BE92-E6B19A3E0923} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {DF508FE5-C0E6-4C7E-981C-7BCAC20828BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {DF9354E6-D820-4F58-9038-9CA2B52752F8} - System32\Tasks\Avira\Safe Shopping\Check => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe
Task: {EDDBD69F-BB31-4E09-BD3A-F82E2C954628} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {F619595A-69DD-43BF-B193-236F31E5C627} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-20 08:49 - 2018-03-20 08:49 - 000035064 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
2018-05-08 10:50 - 2018-05-08 10:50 - 000045936 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
2015-10-30 15:18 - 2015-10-30 15:18 - 000185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-01-27 11:45 - 2016-06-18 13:57 - 002656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-23 00:56 - 2017-02-23 00:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-05-11 15:01 - 2018-05-11 15:01 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll
2016-04-27 14:10 - 2016-04-27 14:10 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2017-01-27 11:47 - 2016-06-18 12:54 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-01-27 11:47 - 2016-06-18 12:32 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-27 11:47 - 2016-06-18 12:27 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-27 11:47 - 2016-06-18 12:28 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-27 11:47 - 2016-06-18 12:30 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-02-16 22:59 - 2018-02-16 22:59 - 000591984 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\dblite.dll
2018-02-16 22:59 - 2018-02-16 22:59 - 000863592 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2015-08-07 16:09 - 2015-08-07 16:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000153336 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2015-07-20 11:26 - 2015-07-20 11:26 - 001058320 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CloudServices.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000096504 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000063224 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsWrapperLib.dll
2018-03-22 19:42 - 2018-03-22 19:42 - 000059128 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\FileOperationsLib.dll
2016-04-27 14:31 - 2015-10-03 10:24 - 000012080 ____R () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55906125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89588385.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55906125.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89588385.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 15:24 - 2017-05-23 19:06 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1702161164-850424020-3531705571-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "Yahoo Messenger Updater"
HKU\S-1-5-21-1702161164-850424020-3531705571-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1D984834-97C9-4730-8D74-4724F246CA37}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{00D8CB56-DE45-41F1-A344-1B9DA6E6EBCA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B0A63DBA-7A71-4639-AB78-82CDE6EBF230}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7302B642-6963-412C-ADCA-088EDAA43F83}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{B8A310A1-8123-463D-ADEC-8B1ECF2DB5EA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{792DE84B-34E4-4994-B4A6-CA387A3338CB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A4BD6544-FFB4-432B-AE0F-5A7958684D0A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B5E3B6E3-D55C-40E7-B786-3A6EAC3F7A60}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{7B792BEC-3CDE-42FD-941E-FD10E01DFB6F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{87187E60-F64E-4EFC-922F-A5506ABAF400}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{FF4EFFA2-94C4-4255-AF5B-816F1332D3AF}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{414FD4E6-302E-41DB-A542-51030F513FF4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{2E54E6C1-292F-44AB-B6D8-F00C1669AC6B}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{2C4E7D1B-3E38-41A2-A043-82820070F967}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B80BD50A-5178-4537-8792-C57F76BCAFD4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{551C8B96-DCEE-4542-A446-297CC8FE371A}] => (Allow) D:\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{BE1BF34C-7A7C-457C-AE08-B224105683E2}] => (Allow) D:\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{F3D3E627-DF35-48C8-91AA-6ABADEC0438C}] => (Allow) D:\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{DD9ED829-4D66-4756-86C8-ADAFA71C74C2}] => (Allow) D:\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{6B7828AE-C351-4A44-B03F-FC25AAF7FE4B}] => (Allow) D:\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{450E0708-69CC-4B88-A4A2-1D1899303313}] => (Allow) D:\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{E909E60A-0DF7-42A5-91E0-0FFC3C15594C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DE5C3B22-6BDA-4263-AFE1-2A1774476218}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9278C731-3AB1-4EF9-B2FD-9CAA6F459E73}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F88F61F5-E7C9-4416-8C43-CE41198AE2AA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

==================== Restore Points =========================

20-04-2018 12:09:19 Avira System Speedup Optimization
23-04-2018 15:38:30 Driver Booster : Realtek High Definition Audio
03-05-2018 12:01:36 Avira System Speedup Optimization
03-05-2018 14:16:25 Revo Uninstaller's restore point - 5KPlayer
03-05-2018 14:26:04 Revo Uninstaller's restore point - AudioWizard
03-05-2018 14:31:11 Removed AudioWizard.
08-05-2018 15:03:42 Checkpoint by HitmanPro
09-05-2018 13:00:13 Revo Uninstaller's restore point - HitmanPro 3.8
10-05-2018 13:10:32 Revo Uninstaller's restore point - Avira Safe Shopping
10-05-2018 14:08:16 Revo Uninstaller's restore point - YouTube Song Downloader 2017
10-05-2018 15:32:29 Revo Uninstaller's restore point - Avira
10-05-2018 15:41:56 Revo Uninstaller's restore point - Avira Antivirus
10-05-2018 15:44:44 Revo Uninstaller's restore point - Avira Antivirus
10-05-2018 15:55:22 Revo Uninstaller's restore point - Avira Phantom VPN
10-05-2018 16:01:57 Revo Uninstaller's restore point - Avira Home Guard
10-05-2018 16:09:44 Revo Uninstaller's restore point - Avira System Speedup
10-05-2018 16:27:29 Revo Uninstaller's restore point - Avira Safe Shopping
10-05-2018 16:56:03 Revo Uninstaller's restore point - Avira
10-05-2018 20:28:25 Revo Uninstaller's restore point - GridinSoft Anti-Malware
11-05-2018 12:49:29 Revo Uninstaller's restore point - Avast Cleanup Premium
11-05-2018 13:01:18 Revo Uninstaller's restore point - Avast Cleanup Premium
11-05-2018 14:17:03 Revo Uninstaller's restore point - Avast Cleanup Premium
11-05-2018 14:22:46 Revo Uninstaller's restore point - Avast Browser Cleanup
11-05-2018 14:33:54 Revo Uninstaller's restore point - Zemana AntiMalware
11-05-2018 15:01:29 Revo Uninstaller's restore point - AntiLogger
13-05-2018 15:24:26 Revo Uninstaller's restore point - UltraISO Premium V9.3
13-05-2018 15:33:14 Revo Uninstaller's restore point - FileHippo App Manager
13-05-2018 15:58:27 Revo Uninstaller's restore point - Camfrog Video Chat 6.20
14-05-2018 16:16:11 Revo Uninstaller's restore point - Adobe Shockwave Player 12.3
15-05-2018 10:29:19 Revo Uninstaller's restore point - WizTree v3.21
16-05-2018 21:34:10 Revo Uninstaller's restore point - RogueKiller version 12.12.17.0

==================== Faulty Device Manager Devices =============

Name: Intel® Trusted Execution Engine Interface
Description: Intel® Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2018 10:10:18 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/19/2018 10:09:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/19/2018 09:14:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (05/19/2018 09:14:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/19/2018 09:14:35 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/19/2018 09:14:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/19/2018 08:57:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/19/2018 08:56:25 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2


System errors:
=============
Error: (05/18/2018 03:08:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_1444e5 service to connect.

Error: (05/18/2018 03:08:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_1444e5 service to connect.

Error: (05/18/2018 03:08:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_1444e5 service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/18/2018 03:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1444e5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/18/2018 03:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1444e5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/18/2018 03:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1444e5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/18/2018 03:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1444e5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/18/2018 03:08:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-05-10 17:49:56.264
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C31133FB-36BC-4D6C-BD89-01841C7E8EE4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-20 12:25:11.347
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4711D916-919F-4142-AE29-7B1ADD7101A3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-20 11:52:57.150
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {610A47E2-F3FD-42EC-9065-2CADEC00AA1F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-11-19 13:07:45.079
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Delf&threatid=2147504976&enterprise=0
Name: PWS:Win32/Delf
ID: 2147504976
Severity: Severe
Category: Password Stealer
Path: file:_D:\recall\recall.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\ESET\ESET Security\ekrn.exe
Signature Version: AV: 1.245.180.0, AS: 1.245.180.0, NIS: 116.97.0.0
Engine Version: AM: 1.1.13804.0, NIS: 2.1.12706.0

Date: 2017-11-19 13:07:22.750
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Delf&threatid=2147504976&enterprise=0
Name: PWS:Win32/Delf
ID: 2147504976
Severity: Severe
Category: Password Stealer
Path: file:_D:\recall\recall.exe;regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\recALL_is1;uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\recALL_is1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\rundll32.exe
Signature Version: AV: 1.245.180.0, AS: 1.245.180.0, NIS: 116.97.0.0
Engine Version: AM: 1.1.13804.0, NIS: 2.1.12706.0

Date: 2018-05-10 17:25:34.085
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-05-10 17:25:33.894
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.257.660.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14306.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-05-10 17:25:33.893
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.257.660.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14306.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-05-10 17:25:33.445
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.257.660.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14306.0
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2018-05-10 17:25:20.219
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2018-05-11 12:40:36.484
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-05-10 17:52:20.995
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-22 08:45:37.024
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-04-20 11:53:01.273
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-29 07:45:33.326
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-12-28 14:15:49.041
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-12-15 00:41:45.211
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-04 13:35:47.448
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N3050 @ 1.60GHz
Percentage of memory in use: 75%
Total physical RAM: 1948.97 MB
Available physical RAM: 468.36 MB
Total Virtual: 5432.19 MB
Available Virtual: 2977.35 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:103.38 GB) (Free:19.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:361.72 GB) (Free:357.18 GB) NTFS

\\?\Volume{8fde0295-445f-47ca-9d45-d9be94a566cf}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DAD5097B)

Partition: GPT.

==================== End of Addition.txt ============================



#4 polskamachina

Posted 18 May 2018 - 11:44 PM

Hi Fransky,
 
Good job posting the FRST logs. :thumbup2:  I see we are on opposite sides of the globe so I will do my best to respond quickly to your replies.
 
Please try the following:
 
AdwCleaner - Fix Mode

  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer. Save any open files that you are currently working on and then proceed with the restart.
  • After the restart, the AdwCleaner log will open. Please copy and paste the contents of that log into your next reply to me.

In summary I will need from you:

  • AdwCleaner clean log (C:\AdwCleaner\Logs\AdwCleaner[C00])
  • How is your computer performing now? Is it still slow?

Let me know if you have any questions.
 
polskamachina



#5 Fransky

Posted 20 May 2018 - 12:26 AM

Good evening Polskamachina,

 

I have followed your instructions, and at the end of the scan there were no malicious threats found.

At the bottom of the ADW interface there was an option to run a basic repair, which I have done, and restarted.

Here are the two logs.

Maybe it is too early to mention how my computer is doing now. And the problems I described above in the first post do not occur all the time but periodic t..

I ran this scan before, a couple of days ago, and there were 2 PUPs found. Don't remember their names.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-18.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-20-2018
# Duration: 00:01:43
# OS:       Windows 10 Pro
# Scanned:  40905
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

Second Log >>>

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-18.2
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-20-2018
# Duration: 00:00:19
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

 

 

 

   

 



#6 polskamachina

Posted 21 May 2018 - 06:56 PM

Hi Fransky :)

 

Since we corresponded a few days ago, I was going over your FRST logs again and noticed there is evidence that illegal software was once installed on your computer. The purpose of this software is to bypass Microsoft activation checks. I would like to remove the remnants of this illegal software. Would you be agreeable to performing a procedure that would remove these remnants? If your cracked software is still operational, most likely this procedure will disable it if it was installed without a legitimate product key. If you do not agree to this, unfortunately I will not be able to continue to assist you with your computer's issues.

 

Please let me know if you have any questions.

 

polskamachina

 



#7 Fransky

Posted 22 May 2018 - 12:10 AM

Good evening Polskamachina,

 

Yes, I would like to, but here in Cambodia most software installed on computers is illegal.

If this procedure to delete the remnants also deletes Windows 10, then I am stuck.

Any advice on this?

To be clear, I already tried to install Linux Mint, but this computer refuses to install another operating system. Possibly they have done something in the shop where I bought it!

About the other question: yes, the problems still exist.

 

Fransky.



#8 polskamachina

Posted 22 May 2018 - 12:11 PM

Hi Fransky :)
 
I don't want you to be stuck with a computer that will not operate if its illegal software has been removed. Before we do any removing, please perform the following steps which should indicate whether or not your copy of Windows 10 is legitimate.
 
Highlight the text below and press Ctrl-C to copy it:

slmgr.vbs -xp
  • Type cmd into the Windows search box
  • cmd.exe should appear as one of the found items
  • Right-click cmd.exe and select Run as administrator
  • The black command prompt window will appear
  • Right-click your mouse anywhere inside the command prompt window and select Paste
  • slmgr.vbs -xp should appear at the command prompt
  • Press the Enter key
  • A log will appear named slmgr.vbs.txt in a Notepad window with the results of the inquiry
  • Copy and paste that log into your next reply to me. If it is too large to copy and paste, you may attach the file with the attach button found at the bottom of the reply box.

Let me know if you have any questions.

polskamachina



#9 Fransky

Posted 22 May 2018 - 11:30 PM

Good afternoon Polskamachina.

 

I have followed your instructions several times, but no Notepad window opens.

Instead a Windows Script Host window opens, starting with the message: Unrecognized  option : - xp

Then I have to click 5 times to close the following windows from script host.

I have made some screenshots of this, but I am not sure if I am allowed to post them here?

 

Fransky.


Edited by Fransky, 22 May 2018 - 11:49 PM.


#10 polskamachina

Posted 23 May 2018 - 02:02 AM

Hi Fransky :)

I have followed your instructions several times, but no Notepad window opens. Instead a Windows Script Host window opens, starting with the message: Unrecognized  option : - xp

Sorry to hear this did not work out as planned. Let me investigate this further.

 

polskamachina



#11 polskamachina

Posted 23 May 2018 - 03:22 AM

Hi Fransky :)

 

I would like you to try the procedure again as I have made one minor change to the script. For now, you don't need to send me any screenshots.

Highlight the text below and press Ctrl-C to copy it:

slmgr.vbs -dlv
  • Type cmd into the Windows search box
  • cmd.exe should appear as one of the found items
  • Right-click cmd.exe and select Run as administrator
  • The black command prompt window will appear
  • Right-click your mouse anywhere inside the command prompt window and select Paste
  • slmgr.vbs -dlv should appear at the command prompt
  • Press the Enter key
  • A log should appear of your software details
  • Copy and paste that log into your next reply to me. If it is too large to copy and paste, you may attach the file with the attach button found at the bottom of the reply box
  • If for some reason you're still having difficulties, try the procedure again but this time try the following command to copy and paste into the command prompt window:
slmgr.vbs -dli

In summary I will need from you:

  • A copy of the log that appeared after you ran the script in the command prompt window

Let me know if you have any questions.

 

polskamachina



#12 Fransky

Posted 24 May 2018 - 12:28 AM

Good evening Polskamachina,

 

I have done what you asked me and it gives the same result as yesterday. No log appeared besides the 2 Windows Script Host windows for slmgr.vbs -dlv and slmgr.vbs -dli

I also took a screenshot of this in case ...

 

Thank you for your time to help me, It is much appreciated.

 

Fransky.



#13 polskamachina

Posted 24 May 2018 - 10:42 AM

Hi Fransky :)

 

You're welcome for the help. Let's continue....

 

The following script may produce the same results but it will put the results (errors) into a text file, Fixlog.txt, which you can copy and paste into your next reply to me.

 

Highlight the text below and press Ctrl-C to copy it:

Start::
cmd: slmgr.vbs
End::
  • Run FRST64
  • Allow the tool to update
  • Click on the Fix button
  • Notepad may or may not open with the results
  • Fixlog.txt will be created on your Desktop
  • Please copy and paste the contents of Fixlog.txt and Notepad (if it does open) into your next reply to me

 

In summary I will need from you these one or two items copied and pasted into your next reply to me:

  • The contents of the Notepad window (if it opened)
  • Fixlog.txt

Let me know if you have any questions.

 

polskamachina
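
The licence queries from posts #11 and #13 can also be run under the console script host, so that whatever slmgr.vbs reports (details or error text) lands in one text file instead of a chain of Windows Script Host pop-ups. This is an added example, not part of the thread; the report file name `slmgr_report.txt` is an assumption chosen for illustration.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: the report name slmgr_report.txt is chosen here for illustration.
$slmgr   = Join-Path $env:windir 'System32\slmgr.vbs'
$cscript = Join-Path $env:windir 'System32\cscript.exe'
$report  = Join-Path ([Environment]::GetFolderPath('Desktop')) 'slmgr_report.txt'

# The two query switches used in the thread.
$switches = '-dlv', '-dli'

$lines = foreach ($sw in $switches) {
    "===== slmgr.vbs $sw  ($(Get-Date -Format s)) ====="
    # cscript.exe is the console script host: the script's messages go to
    # stdout/stderr instead of Windows Script Host message boxes.
    & $cscript //NoLogo $slmgr $sw 2>&1 | ForEach-Object { "$_" }
    # Record the exit code so a failed query is visible in the report.
    "exit code: $LASTEXITCODE"
    ''
}

# One file holding both results, ready to paste into a reply.
$lines | Set-Content -Path $report -Encoding UTF8
Write-Host "Saved to $report"
```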



#14 Fransky

Posted 24 May 2018 - 11:28 PM

Hello Polskamachina.

 

slmgr.vbs gives as result a Windows Script Host window which starts with the words: invalid combination of command parameters.

And then I have to close 5 windows from script host.

FRST64 gives, after Fix, the message: No fixlist found. The fixlist.txt should be in the same folder directory the tool is located.

Now this is in the same directory, a folder on my desktop.

 

Fransky.



#15 polskamachina

Posted 25 May 2018 - 12:00 AM

Hi Fransky :)

Sorry that you're still having trouble with this issue. I will consult with other staff as to how to proceed from here. I'll check back with you soon.

 

polskamachina





