Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by James (administrator) on JAMES-PC (21-02-2018 21:28:05)
Running from C:\Users\James\Desktop\Downloads
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(TOSHIBA CORPORATION) C:\Windows\System32\lsskzctsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\Brnday\Brnday.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Users\James\AppData\Local\glare.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
() C:\Program Files (x86)\Mansion\glare.exe
() C:\Users\James\AppData\Local\tenanted.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Users\James\AppData\Local\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\glare.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Users\James\AppData\Local\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
(Python Software Foundation) C:\Users\James\AppData\Roaming\MaxiBuy\python\pythonw.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\solarium\humanness.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Program Files (x86)\Mansion\tenanted.exe
() C:\Program Files (x86)\labour\glare.exe
() C:\Users\James\AppData\Local\cwczebh\cwczebh.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\James\AppData\Local\dsbczxv\vshnzrg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\James\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Glissando\tenanted.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1654992 2011-10-26] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2011-10-04] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [416992 2011-08-02] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [marking] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKLM\...\Run: [markingathenians] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKLM\...\Run: [markingmarking] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-03-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [skeeters] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [skeetersgreenbaum] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKLM-x32\...\Run: [skeetersskeeters] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [uTorrent] => C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-27] (BitTorrent Inc.)
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7706728 2018-02-02] (Lavasoft)
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [dkproc] => rundll32.exe "C:\Users\James\AppData\Local\dkproc.dll",dkproc <==== ATTENTION
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaum] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaumskeeters] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [greenbaumgreenbaum] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [athenians] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [atheniansmarking] => C:\Program Files (x86)\labour\glare.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [atheniansathenians] => C:\Program Files (x86)\Mansion\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [humanness] => C:\Program Files (x86)\solarium\humanness.exe [66830 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [eyeblink] => C:\Program Files (x86)\Glissando\tenanted.exe [41984 2018-02-18] ()
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\...\Run: [MaxiBuy] => C:\Users\James\AppData\Roaming\MaxiBuy\python\pythonw.exe [96408 2017-07-07] (Python Software Foundation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-03-06]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2017-08-03]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\АsusVibеLаunchеr.lnk [2018-02-18]
ShortcutTarget: АsusVibеLаunchеr.lnk -> C:\Users\James\AppData\Roaming\Browsers\exe.rehcnualebivsusa.bat (No File)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecker.lnk [2018-02-18]
ShortcutTarget: ecker.lnk -> C:\Program Files (x86)\Glissando\tenanted.exe ()
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eckerecker.lnk [2018-02-18]
ShortcutTarget: eckerecker.lnk -> C:\Program Files (x86)\labour\glare.exe ()
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{351380A2-3E6E-45B7-9212-77D01EDBA615}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D81FC0BE-8AED-4378-AC7D-A442A06BE8B7}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F463552A-7D14-4F0A-9A03-3B2F88BAF1C5}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F463552A-7D14-4F0A-9A03-3B2F88BAF1C5}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://page-ups.com/all/
HKU\S-1-5-21-1555295380-1301480580-2791195162-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1555295380-1301480580-2791195162-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1555295380-1301480580-2791195162-1000 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311517&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC3wup8FAVUGi1L%2F%2F9R6DSxlP888VqK6A%2F4Yaj5IiL6FbA0ejv8GjtYktEdZVdcAPTrSq1SyZ9PYpoVFzQ2kYh9E8Rq6w8JMAx19yJ5so2rtN5Zv9Agy5LnI1IgdkHgrBsyQBu%2Bk3ZTSBlIFeT2cFv%2BXazNEE4YEcxkOSbChavYJh7w8rY8yU1tuVM1Gb3loWBffHqI3wNuLMjId8EbW37cHfOG4JFRGK0E7RshFoe1eLg%3D%3D&p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll [2011-09-29] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll [2011-08-02] (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll [2011-09-29] (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll [2011-08-02] (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll [2011-08-02] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll [2011-08-02] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll [2011-09-29] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll [2011-09-29] (Trend Micro Inc.)
FireFox:
========
FF DefaultProfile: 77rsud6q.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default [2018-02-21]
FF Homepage: Mozilla\Firefox\Profiles\77rsud6q.default -> moz-extension://5ab5ec77-9e5f-49e7-abfa-ac17ed3c5ea2/newtab/newtab.html
FF NewTabOverride: Mozilla\Firefox\Profiles\77rsud6q.default -> Enabled: web@Template
FF NewTabOverride: Mozilla\Firefox\Profiles\77rsud6q.default -> Enabled: web@eBooks
FF Extension: (LottaDeals) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\@lottadeals.xpi [2018-01-31]
FF Extension: (Browser Safety) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\extension@browser-safety.org.xpi [2018-02-18]
FF Extension: (eBooks) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\web@eBooks.xpi [2018-02-08]
FF Extension: (Template) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\Extensions\web@Template.xpi [2018-02-13]
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\77rsud6q.default\searchplugins\bing-lavasoft.xml [2017-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012-03-06] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2012-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-02-18]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-02-02]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-31]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-31]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-31]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-31]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-31]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-31]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKLM\SYSTEM\CurrentControlSet\Services\osbhxzt <==== ATTENTION (Rootkit!)
"Brnday" => service was unlocked. <==== ATTENTION
S3 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [275912 2011-08-02] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 Brnday; C:\ProgramData\Brnday\Brnday.exe [672096 2017-12-19] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [247072 2011-08-02] (Trend Micro Inc.)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-02-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193968 2018-02-18] (Malwarebytes)
R1 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-18] (Malwarebytes)
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 tmactmon; C:\windows\System32\DRIVERS\tmactmon.sys [91920 2011-08-11] (Trend Micro Inc.)
R1 tmcomm; C:\windows\System32\DRIVERS\tmcomm.sys [167696 2011-08-11] (Trend Micro Inc.)
R1 tmevtmgr; C:\windows\System32\DRIVERS\tmevtmgr.sys [70928 2011-08-11] (Trend Micro Inc.)
R1 tmtdi; C:\windows\System32\DRIVERS\tmtdi.sys [105744 2011-09-29] (Trend Micro Inc.)
S3 kknnnq; system32\drivers\ddhhhk.sys [X]
R3 xaehkn; system32\drivers\ehknru.sys [X]
========================== Drivers MD5 =======================