#8
September 9th, 2017, 05:42 PM
Sonic Feathers
Olgun, here is FRST 2.txt (4x the permitted length ???? Will have to do in 1/4's x 4)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by Darryl (administrator) on WIZARDS-PC (09-09-2017 17:49:07)
Running from C:\Users\Darryl\Desktop
Loaded Profiles: Darryl (Available Profiles: Darryl)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\MTN Online\ApplicationController.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
() C:\Program Files\HSPA USB Modem\Driver\DevMon.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxcr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [304608 2017-08-31] (Bitdefender)
HKLM\...\Run: [DevMon] => C:\Program Files\HSPA USB Modem\Driver\DevMon.exe [45056 2013-12-06] ()
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {607f1b2b-74b3-11e7-97a5-90a4de6a0dc0} - G:\autorun.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {6becfb10-876c-11e7-9b5a-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {6becfc34-876c-11e7-9b5a-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {77038b86-6a48-11e7-bf5e-90a4de6a0dc0} - G:\setup.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {8360031e-7f78-11e7-9ad5-90a4de6a0dc0} - F:\AutoRun.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {afdbea82-90f2-11e7-96d7-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-21-917511795-3256536166-560280740-1000\...\MountPoints2: {e0d0c9a4-6990-11e7-9fa4-90a4de6a0dc0} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2017-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2017-08-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 168.210.2.2 196.14.239.2 168.210.2.2 196.14.239.2
Tcpip\..\Interfaces\{86C1B4A6-2E7E-4EAC-B43D-5C24A8C91A30}: [DhcpNameServer] 168.210.2.2 196.14.239.2 168.210.2.2 196.14.239.2
Tcpip\..\Interfaces\{DD0E4987-FE7E-4B4E-BD96-BA9F8683CC36}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{F481106B-D2B0-446C-818C-5B39B3DF0A40}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-917511795-3256536166-560280740-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.loveme.com/pickoftheday.shtml
HKU\S-1-5-21-917511795-3256536166-560280740-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-917511795-3256536166-560280740-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-08-31] (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
BHO: W2PBrowser Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-08-23] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-08-31] (Bitdefender)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-14]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-14] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.loveme.com/mp/PickOfTheDay.shtml"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> global
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Google Slides) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicjkkmjijnlncpkailhjcdfkechjbpl [2017-07-18]
CHR Extension: (Google Docs) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-14]
CHR Extension: (Google Drive) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-14]
CHR Extension: (YouTube) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (Adblock Plus) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-18]
CHR Extension: (Google Sheets) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-14]
CHR Extension: (Bitdefender Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-15]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2017-08-04]
CHR Extension: (Ubuntu light-themes scrollbars) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikdfeaeaecoffpjoodiihgejnbfigln [2017-07-18]
CHR Extension: (Webutation) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2017-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-08]
CHR Extension: (Google Slides) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-08]
CHR Extension: (Google Docs) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-08]
CHR Extension: (Google Drive) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-08]
CHR Extension: (YouTube) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Google Sheets) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-08]
CHR Extension: (Bitdefender Wallet) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-08]
CHR Extension: (Gmail) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-08]
CHR Profile: C:\Users\Darryl\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-08]
CHR HKLM\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [1847960 2017-08-30] (Bitdefender)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [87472 2017-06-27] (Bitdefender)
R2 FLAME II MTN MODEM Service; C:\Program Files\MTN Online\ApplicationController.exe [574464 2015-12-15] () [File not signed]
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S3 Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [131888 2010-08-09] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [175768 2017-08-31] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1229856 2017-08-31] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\windows\System32\DRIVERS\atc.sys [740824 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\windows\System32\DRIVERS\avc3.sys [1290472 2017-04-19] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107168 2017-05-31] (BitDefender LLC)
R0 bdprivmon; C:\windows\System32\DRIVERS\bdprivmon.sys [43064 2017-05-11] (© Bitdefender SRL)
R1 BDVEDISK; C:\windows\System32\DRIVERS\bdvedisk.sys [83824 2015-12-04] (BitDefender)
R3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [94208 2010-08-10] (ELAN Microelectronics Corp.)
R0 gzflt; C:\windows\System32\DRIVERS\gzflt.sys [152784 2017-05-11] (BitDefender LLC)
S3 hwdatacard; C:\windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
R0 Ignis; C:\windows\System32\DRIVERS\ignis.sys [282712 2017-06-08] (Bitdefender)
S3 SCDModem; C:\windows\System32\DRIVERS\SCDModem.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDSerials; C:\windows\System32\DRIVERS\SCDSerials.sys [22528 2016-02-01] (SCD-MBB Device)
S3 SCDUsbHub; C:\windows\System32\DRIVERS\SCDUsbHub.sys [15272 2016-02-01] (DriverCoding Incorporated.)
R3 teamviewervpn; C:\windows\System32\DRIVERS\teamviewervpn.sys [25088 2017-04-20] (TeamViewer GmbH)
R0 trufos; C:\windows\System32\DRIVERS\trufos.sys [376664 2017-04-11] (BitDefender S.R.L.)
R1 WinDetect; C:\windows\system32\Drivers\windetect.sys [16720 2017-02-26] (HeavenWard)

========================== Drivers MD5 =======================
