Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Saren (administrator) on DESKTOP-0AP91FB (14-05-2018 18:29:58)
Running from C:\Users\Saren\Desktop
Loaded Profiles: Saren (Available Profiles: Saren)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.14.0.54\nortonsecurity.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
(SmashLadder) C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\app-1.8.1\SmashladderLauncher.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Saren\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.428_none_1704c21831ffb4a8\TiWorker.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPMSGSVC] => C:\Program Files (x86)\HP\HPPhoenixCtrl\HPMSGSVC.exe [502032 2016-06-16] (HP Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596664 2018-01-15] (Razer Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Discord] => C:\Users\Saren\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5345672 2017-12-21] (Nota Inc.)
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\...\Run: [com.squirrel.smashladderlauncher.SmashladderLauncher] => C:\Users\Saren\AppData\Local\SmashladderDolphinLauncher\Update.exe [1522688 2017-03-23] (GitHub)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f53b6f4e-58aa-4874-af8f-1600e1544381}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2557116828-1867652725-2878004429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-04-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.14.0.54\coIEPlg.dll [2018-04-03] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-29] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-04-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-22] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default [2018-05-14]
CHR Extension: (Slides) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (BetterTTV) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-02-22]
CHR Extension: (Docs) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-04-20]
CHR Extension: (Disable HTML5 Autoplay) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2018-02-18]
CHR Extension: (Sheets) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Saren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-04-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-04-26] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-18] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [610464 2018-01-18] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HPPhoenixCtrl\HPWMISVC.exe [554768 2016-06-16] (HP Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182896 2016-10-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.14.0.54\NortonSecurity.exe [328712 2018-04-03] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2017-07-19] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-07] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-18] (Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (Apple Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\BASHDefs\20180509.001\BHDrvx64.sys [1879632 2018-04-30] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\ccSetx64.sys [187544 2018-04-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-03-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-03-24] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.12.0.104\Definitions\IPSDefs\20180514.061\IDSvia64.sys [1299024 2018-05-14] (Symantec Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34720 2016-10-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-05-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-14] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_0e9216e219c27e8d\nvlddmkm.sys [17161872 2018-04-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-12] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [45752 2017-07-19] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [139704 2017-08-19] (Razer, Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SRTSP64.SYS [835664 2018-04-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\SRTSPX64.SYS [49232 2018-04-03] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SYMEFASI64.SYS [1942096 2018-04-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160E000.036\SymELAM.sys [24608 2018-04-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-04-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\Ironx64.SYS [307792 2018-04-03] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160E000.036\SYMNETS.SYS [566936 2018-04-03] (Symantec Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\system32\drivers\NGCx64\160E000.036\wpCtrlDrv.sys [1007592 2018-04-03] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-05-14 18:23 - 2018-05-14 18:23 - 000000000 ___HD C:\ProgramData\temp
2018-05-14 18:19 - 2018-05-14 18:22 - 000000000 ____D C:\AdwCleaner
2018-05-14 17:33 - 2018-05-14 17:33 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-14 17:32 - 2018-05-14 18:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-14 17:32 - 2018-05-14 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-14 17:32 - 2018-05-14 17:32 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-14 17:17 - 2018-05-14 17:17 - 036678264 _____ (Adlice Software ) C:\Users\Saren\Desktop\RogueKiller_setup_ref3.exe
2018-05-14 17:17 - 2018-05-14 17:17 - 007271632 _____ (Malwarebytes) C:\Users\Saren\Desktop\AdwCleaner.exe
2018-05-14 17:16 - 2018-05-14 17:16 - 000000150 _____ C:\Users\Saren\Desktop\Over 60 svchost.exe's, Chrome being very slow, and other oddities - Virus, Trojan, Spyware, and Malware Removal Logs.url
2018-05-14 17:16 - 2018-05-14 17:16 - 000000138 _____ C:\Users\Saren\Desktop\Over 60 svchost.exe's, Chrome being very slow, and other oddities - TechSpot Forums.url
2018-05-14 11:05 - 2018-05-14 11:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-05-13 21:27 - 2018-05-13 21:28 - 000052238 _____ C:\Users\Saren\Desktop\Addition.txt
2018-05-13 21:27 - 2018-05-13 21:28 - 000001153 _____ C:\Users\Saren\Downloads\FRST.txt
2018-05-13 21:25 - 2018-05-14 18:30 - 000023842 _____ C:\Users\Saren\Desktop\FRST.txt
2018-05-13 21:25 - 2018-05-14 18:29 - 000000000 ____D C:\FRST
2018-05-13 21:25 - 2018-05-13 21:25 - 002404864 _____ (Farbar) C:\Users\Saren\Desktop\FRST64.exe
2018-05-13 21:25 - 2018-05-13 21:25 - 000000000 ____D C:\Users\Saren\Desktop\FRST-OlderVersion
2018-05-12 11:10 - 2018-05-12 11:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-12 10:56 - 2018-05-14 18:23 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-12 10:56 - 2018-05-14 18:23 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-12 01:46 - 2018-05-14 18:23 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-12 01:46 - 2018-05-12 01:47 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-12 01:32 - 2018-05-12 01:32 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-12 01:31 - 2018-05-12 11:10 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-12 01:29 - 2018-05-12 01:29 - 000000000 ____D C:\WINDOWS\Panther
2018-05-12 01:28 - 2018-05-12 01:29 - 000000000 ____D C:\Users\Saren\AppData\Local\ElevatedDiagnostics
2018-05-11 22:31 - 2018-05-12 01:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-11 22:30 - 2018-05-12 01:47 - 000465064 _____ C:\WINDOWS\ntbtlog.txt
2018-05-11 21:59 - 2018-05-11 21:59 - 000000056 _____ C:\Users\Saren\Desktop\CPU 20XX Battle #2 - Challonge.url
2018-05-11 19:41 - 2018-05-11 20:39 - 000017837 _____ C:\Users\Saren\Desktop\20xxcte.xlsx
2018-05-08 20:50 - 2018-05-03 00:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 20:50 - 2018-05-03 00:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-08 20:50 - 2018-05-03 00:48 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 20:50 - 2018-05-03 00:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 20:50 - 2018-05-03 00:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 20:50 - 2018-05-03 00:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-05-08 20:50 - 2018-05-03 00:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-05-08 20:50 - 2018-05-03 00:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 20:50 - 2018-05-03 00:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-05-08 20:50 - 2018-05-03 00:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 20:50 - 2018-05-02 23:26 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-05-08 20:50 - 2018-05-02 23:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:18 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-05-08 20:50 - 2018-05-02 23:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-05-08 20:50 - 2018-05-02 23:16 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-05-08 20:50 - 2018-05-02 23:16 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 20:50 - 2018-05-02 23:15 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-05-08 20:50 - 2018-05-02 23:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-05-08 20:50 - 2018-05-02 23:13 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 20:50 - 2018-05-02 23:12 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-05-08 20:50 - 2018-05-02 23:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 20:50 - 2018-05-02 23:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-08 20:50 - 2018-05-02 23:09 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 20:50 - 2018-05-02 23:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 20:50 - 2018-05-02 23:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 20:50 - 2018-05-02 23:05 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-05-08 20:50 - 2018-05-02 23:04 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-05-08 20:50 - 2018-05-02 23:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-08 20:50 - 2018-05-02 23:00 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-05-08 20:50 - 2018-05-02 23:00 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll