Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015 Ran by Isaac (administrator) on ISAAC-PC (02-11-2015 07:59:34) Running from C:\Users\Isaac\Desktop Loaded Profiles: Isaac (Available Profiles: Isaac) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Brasil) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Users\Isaac\AppData\Roaming\svchost.exe () C:\Users\Isaac\AppData\Roaming\javaw.exe (AVAST Software) C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Users\Isaac\AppData\Roaming\winlogon.exe () C:\Users\Isaac\AppData\Local\Temp\Trojan.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\regedit.exe () C:\Users\Isaac\AppData\Local\Temp\winlrnich.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-13] (AVAST Software) HKLM-x32\...\Run: [GrooveMonitor] => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-09-16] (Oracle Corporation) HKLM-x32\...\Run: [WindowsDefender] => C:\Windows\Microsoft\Pluguin.exe HKLM-x32\...\Run: [1730ae3fba8277bb580bf81a7c52f7b2] => C:\Users\Isaac\AppData\Roaming\svchost.exe [28160 2015-11-02] () HKLM-x32\...\Run: [HKLM] => C:\Windows\InstallDir\svchost.exe HKLM-x32\...\Run: [WindowsUpdate] => C:\Users\Isaac\AppData\Local\Temp\temp\Windows Update.exe [106496 2015-11-01] () <===== ATTENTION HKLM-x32\...\Run: [8fec47ea2031d7c684beb0d0a36361b8] => C:\Users\Isaac\AppData\Roaming\winlogon.exe [29184 2015-11-01] () HKLM-x32\...\Run: [5cd8f17f4086744065eb0992a09e05a2] => C:\Users\Isaac\AppData\Local\Temp\Trojan.exe [28672 2015-10-29] () <===== ATTENTION HKLM-x32\...\Run: [2b92dd5c33f53d3a1070641c28143217] => "C:\Users\Isaac\AppData\Roaming\javaw.exe" .. HKLM-x32\...\Run: [23556fb1360f366337f97c924e76ead3] => C:\Users\Isaac\AppData\Roaming\svchost.exe [28160 2015-11-02] () HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\msdcsc.exe,userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\bPyF3B5E17ZZ\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\hFEpBkV54QED\WindowsUpdate.exe,C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\hFEpBkV54QED\WindowsUpdate.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [MicrosoftComponents] => C:\Windows\Microsoft\Pluguin.exe HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Run: [WindowsMonitor] => C:\ProgramData\Microsoft\Windows\Start Menu\WindowsUpdate\bPyF3B5E17ZZ\WindowsUpdate.exe [348160 2015-11-02] (Microsoft Corp.) HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Run: [23556fb1360f366337f97c924e76ead3] => C:\Users\Isaac\AppData\Roaming\svchost.exe [28160 2015-11-02] () HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Run: [5cd8f17f4086744065eb0992a09e05a2] => C:\Users\Isaac\AppData\Local\Temp\Trojan.exe [28672 2015-10-29] () <===== ATTENTION HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Run: [2b92dd5c33f53d3a1070641c28143217] => "C:\Users\Isaac\AppData\Roaming\javaw.exe" .. HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Run: [8fec47ea2031d7c684beb0d0a36361b8] => C:\Users\Isaac\AppData\Roaming\winlogon.exe [29184 2015-11-01] () HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Policies\Explorer\Run: [MicrosoftComponents] => C:\Windows\Microsoft\Pluguin.exe HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\...\MountPoints2: {f5a8f79a-7103-11e5-8f4f-984be1924dbf} - E:\LGAutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-13] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-10-21] ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software) Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe [2015-11-02] () Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2b92dd5c33f53d3a1070641c28143217.exe [2015-10-29] () Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [2015-10-29] () Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8fec47ea2031d7c684beb0d0a36361b8.exe [2015-11-01] () AlternateShell: GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{7e8f23f3-8130-4089-a99a-9017fc8b546d} <======= ATTENTION (Restriction - IP) ProxyServer: [S-1-5-21-1107036118-1761596048-3296712473-1000] => 191.33.171.138:8080 AutoConfigURL: [S-1-5-21-1107036118-1761596048-3296712473-1000] => hxxp://www.remingtoncars.cz/images/banners/IMG_060b1o2s0s14_1202422cc.png Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9228094F-F2D6-4E8D-B820-71F2CF5BFC8A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1444787971&z=c8a29dc143ea908c6f3cd40g7z9z9z5m5b5m2t5m4g&from=cor&uid=hitachixhts543232a7a384_e2436343dhl4rkdhl4rkx&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1444787971&z=c8a29dc143ea908c6f3cd40g7z9z9z5m5b5m2t5m4g&from=cor&uid=hitachixhts543232a7a384_e2436343dhl4rkdhl4rkx&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1444787971&z=c8a29dc143ea908c6f3cd40g7z9z9z5m5b5m2t5m4g&from=cor&uid=hitachixhts543232a7a384_e2436343dhl4rkdhl4rkx&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1444787971&z=c8a29dc143ea908c6f3cd40g7z9z9z5m5b5m2t5m4g&from=cor&uid=hitachixhts543232a7a384_e2436343dhl4rkdhl4rkx&q={searchTerms} HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=blackbear15 HKU\S-1-5-21-1107036118-1761596048-3296712473-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-1107036118-1761596048-3296712473-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={95E84B30-F1FF-4D97-9848-EA11CA9A5280}&gp=blackbear15 SearchScopes: HKU\S-1-5-21-1107036118-1761596048-3296712473-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1107036118-1761596048-3296712473-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id={95E84B30-F1FF-4D97-9848-EA11CA9A5280}&gp=blackbear15 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-13] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-13] (AVAST Software) BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-12] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-13] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=blackbear16 CHR StartupUrls: Default -> "hxxp://www.google.com.br/" CHR Profile: C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Super Noticias) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cemclcfmknikcahmmjmhhfafmkgpfnbi [2015-10-29] CHR Extension: (Gotas de chuva(Non-Aero)) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2015-10-29] CHR Extension: (Wappalyzer) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2015-11-01] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-21] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-13] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [24635 2008-01-17] (Apache Software Foundation) [File not signed] S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-13] (AVAST Software) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) S4 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [270568 2015-10-12] () S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed] S4 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [445240 2015-05-12] () S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-27] (Microsoft Corporation) S2 BrGuard; C:\Users\Isaac\Desktop\Hacking\Pack - Sasuke\Anti DDoS\BrGuard Anti-DDoS 4.0\BrGuardService.exe [X] S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X] S4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 aswRvrt; no ImagePath S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project) S0 aswVmm; no ImagePath S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-02] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X] S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X] S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X] S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X] S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X] S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] S3 xspirit; \??\C:\Windows\xspirit.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)