Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Zandoriel (administrator) on DESKTOP-RRGO9B9 (13-06-2018 15:13:53)
Running from C:\Users\Zandoriel\Downloads
Loaded Profiles: Zandoriel (Available Profiles: Zandoriel)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Discord Inc.) C:\Users\Zandoriel\AppData\Local\Discord\app-0.0.301\Discord.exe
(Valve Corporation) F:\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Discord Inc.) C:\Users\Zandoriel\AppData\Local\Discord\app-0.0.301\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(The OpenVPN Project) C:\Program Files (x86)\NordVPN\Resources\Binaries\64bit\openvpn-nordvpn.exe
(Valve Corporation) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Discord Inc.) C:\Users\Zandoriel\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\Zandoriel\AppData\Local\Discord\app-0.0.301\Discord.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Adlice Software) C:\Users\Zandoriel\Downloads\RogueKiller_portable64.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388928 2018-01-17] (Realtek Semiconductor)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2500004674-2714823259-1953053885-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5852920 2018-05-02] (NordVPN)
HKU\S-1-5-21-2500004674-2714823259-1953053885-1001\...\Run: [Discord] => C:\Users\Zandoriel\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2500004674-2714823259-1953053885-1001\...\Run: [Steam] => F:\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-2500004674-2714823259-1953053885-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{2a0be794-96f8-4cf0-abea-ae748ec597d7}: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.241.37
Tcpip\..\Interfaces\{671bfe65-1339-467a-8746-afc015977c6a}: [DhcpNameServer] 103.86.96.100 103.86.99.100
Internet Explorer:
==================
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-08] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-08] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-05-08] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-05-08] (Bitdefender)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2018-05-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-05-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-12] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default [2018-06-13]
CHR Extension: (Slides) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-12]
CHR Extension: (Docs) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-12]
CHR Extension: (Google Drive) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-12]
CHR Extension: (YouTube) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-12]
CHR Extension: (Sheets) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-12]
CHR Extension: (AdBlock) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-12]
CHR Extension: (Gmail) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Zandoriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atiesrxx.exe [481656 2018-05-22] (AMD)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2135032 2018-02-15] (Bitdefender)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [105936 2018-05-08] (Bitdefender)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356904 2017-10-27] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] (Bitdefender)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112712 2018-05-08] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1001072 2018-05-09] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe [522624 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmdag.sys [44682104 2018-05-22] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0328911.inf_amd64_a81756cbffedb936\B328940\atikmpag.sys [552824 2018-05-22] (Advanced Micro Devices, Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1177008 2018-04-17] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-04-17] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-19] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [130840 2018-04-20] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45104 2018-04-20] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (BitDefender)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-12] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-12] (Disc Soft Ltd)
R3 e1rexpress; C:\WINDOWS\system32\DRIVERS\e1r65x64.sys [548832 2017-10-31] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [189544 2018-04-18] (BitDefender LLC)
R0 iaStorE; C:\WINDOWS\System32\drivers\iaStorE.sys [1007712 2017-10-09] (Intel Corporation)
R0 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-04] (Bitdefender)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-13] (Malwarebytes)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(
www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(
www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(
www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(
www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [607640 2018-06-13] (Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)