shizen
17
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018
Ran by shizen (ATTENTION: The user is not administrator) on DESKTOP-2NQCCQ5 (14-11-2018 22:27:35)
Running from C:\Users\shizen\Desktop
Loaded Profiles: pkame & shizen (Available Profiles: pkame & shizen & invitadx & DefaultAppPool)
Platform: Windows 10 Pro Version 1803 17134.407 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spaceman.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WinFLService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> DbxSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> pdisrvc.exe
Failed to access process -> atkexComSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> oodag.exe
Failed to access process -> DTSRVC.exe
Failed to access process -> GfExperienceService.exe
Failed to access process -> svchost.exe
Failed to access process -> NvNetworkService.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> svchost.exe
Failed to access process -> redis-server.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SMSvcHost.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SgrmBroker.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Discord Inc.) C:\Users\shizen\AppData\Local\Discord\app-0.0.301\Discord.exe
Failed to access process -> DiscSoftBusService.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Philips Display\SmartControl\dthtml.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Users\shizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System Transparency.exe
Failed to access process -> svchost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Failed to access process -> SearchIndexer.exe
(Discord Inc.) C:\Users\shizen\AppData\Local\Discord\app-0.0.301\Discord.exe
Failed to access process -> DPHelper.exe
Failed to access process -> DPHelper64.exe
(Discord Inc.) C:\Users\shizen\AppData\Local\Discord\app-0.0.301\Discord.exe
(Discord Inc.) C:\Users\shizen\AppData\Local\Discord\app-0.0.301\Discord.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(O&O Software GmbH) C:\Users\shizen\Desktop\OODefragProfessional22ENU.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodcnt.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Failed to access process -> svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Uderzo Software e Consulenza Informatica) C:\Users\shizen\Downloads\spacesniffer_1_3_0_2\SpaceSniffer.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> SpaceAgent.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [177928 2018-11-08] (ESET)
HKLM-x32\...\Run: [DT PLP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-08-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3785536 2018-11-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\...\Run: [Discord] => C:\Users\shizen\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\...\Run: [EpicGamesLauncher] => "G:\juegos instalados\paragon\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\...\MountPoints2: {8aeeeb1d-61a0-11e6-8dec-382c4aafbadd} - "E:\SetZTyUC.exe"
AppInit_DLLs: C:\AeroGlass\UxThemeSignatureBypass\UxThemeSignatureBypass64.dll => C:\AeroGlass\UxThemeSignatureBypass\UxThemeSignatureBypass64.dll [131072 2014-11-25] (Big Muscle)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2015-12-31]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk [2018-11-13]
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{39CEBE6D-95CA-43A8-A4D8-9E2B18E3F786}\app_icon.exe ()
Startup: C:\Users\shizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2018-05-16]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\shizen\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
Startup: C:\Users\shizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iStripper.lnk [2018-01-10]
ShortcutTarget: iStripper.lnk -> C:\Users\shizen\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
Startup: C:\Users\shizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2018-01-13]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\shizen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System Transparency.exe [2010-02-21] ()
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{6fa95107-9fd8-4726-b9fa-0c54422f7e87}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{af1c97cf-3555-4c31-b323-9b8d2a12895a}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{b0ad5a90-72d8-43bd-b640-1e4c3b1fc923}: [DhcpNameServer] 192.168.149.254
Tcpip\..\Interfaces\{c1ef8e46-3439-4342-a6f1-a85b5b14026c}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{c443a4d4-5776-49ca-88ed-1d49800da54e}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{c58ca409-258a-4dd5-a39e-aa4634fb9efb}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-2371037255-1671942177-3171540955-1001] ATTENTION => Default URLSearchHook is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-12] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: o9rbacqe.default
FF ProfilePath: C:\Users\shizen\AppData\Roaming\Mozilla\Firefox\Profiles\o9rbacqe.default [2018-11-14]
FF Extension: (Firefox Monitor) - C:\Users\shizen\AppData\Roaming\Mozilla\Firefox\Profiles\o9rbacqe.default\features\{d695fb02-2437-449d-8f30-4e8e144e0c05}\[email protected] [2018-11-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-13] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default [2018-11-14]
CHR Extension: (Presentaciones) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Documentos) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-28]
CHR Extension: (Galaxy Aero 1440p) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\baobdjafbehnhgceapbejnfcfebhoafb [2017-05-29]
CHR Extension: (YouTube) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
CHR Extension: (Adblock Plus) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-05]
CHR Extension: (Save emails to PDF) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dngbhajancmfmdnmhhdknhooljkddgnk [2018-10-04]
CHR Extension: (Share on Rabbit) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-11-20]
CHR Extension: (Session Buddy) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Adobe Acrobat) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-29]
CHR Extension: (Hojas de cálculo) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
CHR Extension: (MediaSave. Download music free) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbpkkdodfihabamnkhoaeamkdhnoec [2018-09-11]
CHR Extension: (Online Get them all) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdbendlehcinkcpbhikimkocbpknjgd [2017-11-17]
CHR Extension: (InstaG Downloader) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-11]
CHR Extension: (Video Downloader professional) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2018-09-26]
CHR Extension: (Bandcamp Saver) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcjnkdkagdlpccdhohflbbaandekogh [2018-11-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\shizen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-24]
CHR HKU\S-1-5-21-2371037255-1671942177-3171540955-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-12-31] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-09-25] ()
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-23] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-11-06] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-08-12] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2018-09-12] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2302152 2018-11-08] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2302152 2018-11-08] (ESET)
R2 FLService; C:\WINDOWS\SysWow64\WinFLService.exe [94768 2017-05-04] (NewSoftwares.net)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-06-11] (Hi-Rez Studios) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1719584 2018-09-18] (O&O Software GmbH)
R2 Redis; C:\Program Files\Redis\redis-server.exe [1553408 2016-07-01] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 SshBroker; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 SshBroker; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] ()
S3 SshdBroker; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 SshdBroker; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 SshProxy; C:\WINDOWS\system32\svchost.exe [51288 2018-04-12] (Microsoft Corporation)
S3 SshProxy; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-12] (Microsoft Corporation)
S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-12-31] ()
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320176 2017-04-16] (Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-14] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-08] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107896 2018-11-08] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-07-12] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-11-08] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50144 2018-11-08] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82304 2018-11-08] (ESET)
S1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [62640 2018-02-22] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-11-08] (ESET)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-11] ()
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2018-02-19] (Glarysoft Ltd)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-03-22] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2018-02-28] (REALiX(tm))
R2 NEWDRIVER; C:\WINDOWS\SysWow64\WinVDEdrv6.sys [197648 2017-05-04] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 PdiPorts; C:\WINDOWS\System32\drivers\PdiPorts.sys [20784 2012-04-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213080 2018-08-14] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [222864 2018-08-14] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2017-05-04] ()
R2 WinVDEDrv; C:\WINDOWS\SysWow64\WinVDEdrv.sys [225680 2017-05-04] (NewSoftwares.net, Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [55704 2018-11-11] (Wellbia.com Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)